JammingJapanSumoSoul

  1. I did the above and the disk check literally lasted all of 5 seconds. This can be closed now anyways. Thanks a lot for your help. In the end I decided the hardware issues, CD drive broken, battery dead, power supply starting to have blue sparks coming out of it, warranted a new laptop. I have my Kaspersky installed and am going to download MWB in a sec to stay safe. Thanks again, JJSS
  2. Sorry to add to the above, would a corrupt userprofile cause Malwarebytes to stop halfway through and also cause my Kaspersky full scanner to shut down my laptop? Also stop SUPERAntiSpyware from loading up?
  3. Yes, the hardware problems are annoying but cheap to solve. Corrupt userprofile? That sounds a lot nicer than malware related. Like I said, I'm pretty careful what I do online and Kaspersky is very good at protecting the computer. If the power supply stays online, I'll be online for around 4 more hours. How do I run a checkdisk utility for disk errors? How long does it take? Can I use the laptop whilst it's running?
  4. I'd like to fix this laptop but I might be resigned to buying a new one. I'll keep plugging away at it but my battery lasts 5 minutes at best, power supply unit has a dodgy connection and keeps stopping meaning I can't use the laptop and the disk drive is broken. This might be the straw that broke the camel's back. Any idea what the problem might be?
  5. There is no folder named dave. There is a dave's documents in My Computer but in the C: Drive there is only the Admin and Inadmin folder
  6. Administrator, All Users, inadmin, Intel, Misato, TEMP, Temp.CWIIANC, temp.CWIIANC08 (2), Temp.CWIIANC.000, Temp.CWIIANC.001, Temp.CWIIANC.002, Temp.CWIIANC.003, Temp.CWIIANC.004, Temp.CWIIANC.005, Temp.CWIIANC.006, Temp.CWIIANC.007, Temp.CWIIANC.008, Temp.CWIIANC.009, Temp.CWIIANC.010 That's all the folders I can see
  7. Two names: Dave (admin) Misato (never ever used)
  8. I always use Admin userprofile. I think the actual name of the profile is my name
  9. Other than the problems I've already mentioned, my laptop won't let me re-install itunes either. Do you still need the other scan, the GMER one? Please let me know and I'll do it later and paste the results. Couldn't do it last night as it was taking too long. Thanks for all the help so far though
  10. Here you go. The OTL scan
  11. Here are the two logs. I tried to run GMER Rootkit scanner but the computer crashed!! "Windows has been shut down to protect your computer etcetc" STOP 0x00000003 (0x00000003, 0x82C6FB98, 0x82C6FD06, 0x805FB146) They were the codes I saw. Log Files of DDS
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-19 38224] S3 PAC7311;CMS-V19;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408] =============== Created Last 30 ================ 2010-08-19 11:18:37 0 ----a-w- c:\documents and settings\inadmin\defogger_reenable 2010-08-19 07:50:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-19 07:50:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-19 00:22:24 0 d-----w- c:\windows\system32\wbem\Repository 2010-08-19 00:18:54 0 d-----w- c:\windows\system32\wbem\Repository.tmp 2010-08-09 11:28:42 0 d-----w- c:\docume~1\inadmin\applic~1\Azureus 2010-08-09 11:24:14 0 d-----w- c:\program files\Conduit 2010-07-29 13:55:22 0 d-----w- c:\program files\iPod 2010-07-29 13:54:57 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-07-29 13:54:56 0 d-----w- c:\program files\iTunes ==================== Find3M ==================== 2010-07-30 12:40:39 97549 ----a-w- c:\windows\system32\drivers\klick.dat 2010-07-30 12:40:39 113933 ----a-w- c:\windows\system32\drivers\klin.dat 2010-07-16 20:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll 2008-09-18 23:20:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat 2009-07-04 00:20:51 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat ============= FINISH: 20:44:58.15 ===============
  12. OK, I've tried MWB again, definitely not running through. I have Super Anti Spyware installed as well and that won't start up. When I try a full scan with Kaspersky, the laptop shuts down after about 5 minutes into the scan. I tried to open the computer in safe mode and it won't let me. A blue screen comes up with an error warning and says the process has been stopped for the laptop's safety, that can't be good. I am about to try the defogger and the other thing recommended in the try first thread.
  13. I've read the what to do thread and I'll do all that tonight and try to post the results later. Re-installed MWB but it always says it encountered a problem and has to stop.
  14. Occasionally when I start up my laptop and enter my password on the profile screen, it takes me to a basic set-up with standard wallpaper and all my files bar Firefox, IE and a few other icons have disappeared. If I go to the start menu all the programs installed on my machine are still there and if I do a search, I can find all the files. This problem goes away if I do a system restore and tends to happen after I update my virus software (Kaspersky) or after a Windows update it seems to happen a lot. Today I tried to run Malwarebytes quick and full scan but it stopped for some reason, the quick scan stopped after 6-8 minutes and the full scan after 1 hour and 45 minutes (give or take). Any recommendations? What should I run next and post and I can't post a Malwarebytes scan (I did the renaming trick too). This has been a bit of an on-going problem but it's got worse recently. I have previously run my Kaspersky scan and Malwarebytes and they both have never picked up anything nasty at all. Thanks