Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

After closing previous thread my problems continue

This is a discussion on After closing previous thread my problems continue within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi there. After lots of great help from CatByte all the memory I had lost was returned and it looked


 
 
Thread Tools Search this Thread
Old 02-14-2011, 08:33 AM   #1
Registered Member
 
Join Date: Dec 2010
Posts: 23
OS: xp



Hi there. After lots of great help from CatByte all the memory I had lost was returned and it looked like my problems were solved. However I've noticed that the memory I got back has been going down at the same rate as before (see link to thread below). It also takes a long time to shut down with lots of boxes prompting me to close programmes that I can't see running. The laptop also freezes at least once a day (forcing me to manually switch it off) and sometimes it hybernates while I'm working (and pressing keys). The laptop's audio is still mute (Catbyte advised me to open another thread about that but then I found that my original problems persisted so I've not done that).
Thanks a lot,
Seamus

https://www.techsupportforum.com/security-center/virus-trojan-spyware-help/535792-logs-dds-gmer-new-post.html
Oberjeen is offline  
Sponsored Links
Advertisement
 
Old 02-16-2011, 03:54 AM   #2
TSF-Emeritus
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



sorry to hear the issues are back, let's see if we can figure out the cause

please run DDS and GMER again:


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.


    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
__________________


Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
CatByte is offline  
Old 02-21-2011, 01:14 PM   #3
Registered Member
 
Join Date: Dec 2010
Posts: 23
OS: xp



Hi CatByte. Thanks for helping again. Here are the logs (dds attach file pasted into reply as requested):


DDS (Ver_10-12-12.02) - NTFSx86
Run by Hayes at 19:37:05.23 on 21/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.409 [GMT 0:00]
AV: Norton Internet Security 2006 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Internet Security 2006 *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hayes\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Orange Toolbar: {e97b5f2e-ca8e-4d34-bda3-44eec4ed2b12} -
TB: {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\hayes\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\hayes\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\quickcam\eReg.exe
StartupFolder: c:\docume~1\hayes\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hayes\applic~1\mozilla\firefox\profiles\iiz4q7c7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-4-20 6144]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-24 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-24 33024]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-6-13 90112]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-2-24 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-3-6 98304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-12 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110221.002\NAVENG.Sys [2011-2-21 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110221.002\NavEx15.Sys [2011-2-21 1360760]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-16 191848]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-16 202088]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-16 169320]
S2 gupdate1c9e95770df3e38;Google Update Service (gupdate1c9e95770df3e38);c:\program files\google\update\GoogleUpdate.exe [2009-6-9 133104]
S2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-10-6 139888]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-20 1251720]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-4-20 35968]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RDID1008;Roland PC-300;c:\windows\system32\drivers\Rdwm1008.sys [2009-10-12 79393]
S3 RDID1057;EDIROL UA-1EX;c:\windows\system32\drivers\Rdwm1057.sys [2008-7-17 140930]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
=============== Created Last 30 ================
2011-01-30 15:45:12 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-24 15:45:18 -------- d-----w- c:\windows\system32\drivers\nss\0300010.008
2011-01-24 15:45:18 -------- d-----w- c:\windows\system32\drivers\NSS
2011-01-24 15:45:18 -------- d-----w- c:\program files\Norton Security Scan
2011-01-24 13:51:23 -------- d-sh--w- c:\documents and settings\hayes\IECompatCache
2011-01-24 13:50:18 -------- d-sh--w- c:\documents and settings\hayes\PrivacIE
2011-01-24 11:46:10 -------- d-sh--w- c:\documents and settings\hayes\IETldCache
2011-01-24 10:53:45 -------- d-----w- c:\windows\ie8updates
2011-01-24 10:53:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-24 10:53:07 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-24 10:53:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-24 10:49:30 -------- dc-h--w- c:\windows\ie8
==================== Find3M ====================
2011-01-07 1904 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-07 1902 472808 ----a-w- c:\windows\system32\deployJava1.dll
2008-07-10 16:07:08 278528 -c--a-w- c:\program files\common files\FDEUnInstaller.exe
============= FINISH: 19:38:13.93 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/07/2008 16:46:43
System Uptime: 21/02/2011 15:23:51 (4 hours ago)
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | uFC-PGA Socket | 997/166mhz
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | uFC-PGA Socket | 1995/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 93 GiB total, 11.006 GiB free.
D: is CDROM ()
G: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
CC_ccProxyExt
ccCommon
ccPxyCore
CD/DVD Drive Acoustic Silencer
Codec Pack - All In 1 6.0.2.6
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DirectX Media Runtime 5.1
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
ERUNT 1.1j
ESET Online Scanner v3
Free Mp3 Wma Converter V 1.7.3
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB896243)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hyperprism 2.5.0
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
Java Auto Updater
Java(TM) 6 Update 23
l¯l warp
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Webcam Software
Logitech Webcam Software Driver Package
Macromedia Flash Player
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
mCore
mDrWiFi
Media Go
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.6.13)
mPfMgr
mPfWiz
mProSafe
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
mZConfig
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton Security Scan
Norton WMI Update
Orange Livebox
PlayStation(R)Network Downloader
PlayStation(R)Store
Protector Suite 5.4
QuickTime
RealPlayer
RealUpgrade 1.0
Reason 4.0
Runtime 8.0 Libraries
SD Secure Module
Search Settings 1.2
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SEKD SampliTools DEQ
Skype Toolbars
Skype™ 5.0
Sonalksis Plug-Ins for Windows 2.04
Sony Ericsson PC Companion 1.50.52
Sony Ericsson PC Suite 6.011.00
Sony Vegas 4.0e
SoundMAX
SPBBC
Spotify
SymNet
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Display Devices Change Utility
TOSHIBA HDD Protection
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Manuals
TOSHIBA Password Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Boot Utility
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA TouchPad On/Off Utility V2.05.01
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.2
WebFldrs XP
Windows Driver Package - Intel (w39n51) net (12/04/2005 10.1.0.13)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888622
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
WinRAR archiver
Wireless Hotkey
==== Event Viewer Messages From Past Week ========
16/02/2011 21:09:42, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
16/02/2011 21:09:42, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/02/2011 21:09:01, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
16/02/2011 21:09:01, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/02/2011 21:08:59, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
16/02/2011 00:34:42, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0018DECEFA5E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
15/02/2011 22:05:24, error: Dhcp [1002] - The IP address lease 192.168.1.165 for the Network Card with network address 0018DECEFA5E has been denied by the DHCP server 10.89.43.241 (The DHCP Server sent a DHCPNACK message).
15/02/2011 21:30:49, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
15/02/2011 21:30:34, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec Core LC service.
14/02/2011 15:49:17, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton Protection Center Service service to connect.
14/02/2011 15:49:16, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service NSCService with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}
==== End Of File ===========================
Attached Files
File Type: txt Gmer.txt (15.9 KB, 71 views)
Oberjeen is offline  
Sponsored Links
Advertisement
 
Old 02-21-2011, 02:37 PM   #4
TSF-Emeritus
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
__________________


Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
CatByte is offline  
Old 03-14-2011, 12:32 PM   #5
Registered Member
 
Join Date: Dec 2010
Posts: 23
OS: xp



Hi there. Here's the combofix log. It's only restored about half of the missing memory and that memory continues to diminish daily:

ComboFix 11-03-10.03 - Hayes 11/03/2011 12:27:34.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.358 [GMT 0:00]
Running from: c:\documents and settings\Hayes\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
No new files created in this timespan
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 19:06 . 2011-01-07 19:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-07 19:06 . 2011-01-07 19:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-20 18:09 . 2010-12-21 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-21 21:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-07-10 16:07 . 2008-07-10 16:07 278528 -c--a-w- c:\program files\Common Files\FDEUnInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-03-29 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"TPSMain"="TPSMain.exe" [2006-03-21 299008]
"TPSODDCtl"="TPSODDCtl.exe" [2006-03-21 102400]
"TFNF5"="TFNF5.exe" [2006-03-17 593920]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-08-31 102400]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 1077330]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-03-30 262144]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-02-24 30208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-11 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\documents and settings\Hayes\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [N/A]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-5-10 576000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-24 09:49 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27/12/2004 22:31 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [20/04/2006 09:15 6144]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [24/02/2006 10:01 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [24/02/2006 10:01 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [24/02/2006 09:34 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [06/03/2006 18:28 98304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/12/2010 17:38 102448]
S2 gupdate1c9e95770df3e38;Google Update Service (gupdate1c9e95770df3e38);c:\program files\Google\Update\GoogleUpdate.exe [09/06/2009 23:09 133104]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [13/06/2010 00:04 90112]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [20/04/2006 09:14 35968]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 RDID1008;Roland PC-300;c:\windows\system32\drivers\Rdwm1008.sys [12/10/2009 15:34 79393]
S3 RDID1057;EDIROL UA-1EX;c:\windows\system32\drivers\Rdwm1057.sys [17/07/2008 14:08 140930]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 23:09]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 23:09]
.
2011-02-26 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Hayes.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-06 11:13]
.
2011-03-08 c:\windows\Tasks\Norton Security Scan for Hayes.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-24 14:06]
.
2011-03-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1977559116-1400872135-1228461938-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2011-03-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1977559116-1400872135-1228461938-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2008-07-10 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-04-19 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Hayes\Application Data\Mozilla\Firefox\Profiles\iiz4q7c7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-UniblueRegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-11 13:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'explorer.exe'(5712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSODDCtl.exe
c:\windows\system32\TFNF5.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\system32\thpsrv.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-03-11 13:11:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-11 13:11
ComboFix2.txt 2010-12-21 20:52
.
Pre-Run: 2,619,756,544 bytes free
Post-Run: 10,624,319,488 bytes free
.
- - End Of File - - 68BAE7573532A136A3937F74073DD5BF
Oberjeen is offline  
Old 03-14-2011, 04:22 PM   #6
TSF-Emeritus
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Hi

After checking your log I can tell you that your issues are not malware related.

Please start a new thread in the hardware forum for your OS and hopefully our expert techs will be able to resolve the remaining issues for you

thank-you


to clean up combo fix > press the WinKey + R to open a run box > copy/paste the following into the run box > press OK

ComboFix /uninstall


thank-you
__________________


Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
CatByte is offline  
Old 03-16-2011, 01:16 PM   #7
Registered Member
 
Join Date: Dec 2010
Posts: 23
OS: xp



will do. Thanks a lot,
S
Oberjeen is offline  
Old 03-19-2011, 03:48 PM   #8
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Surf Safely, and Think Prevention!
__________________

amateur is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:59 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts