
Active Toshiba will only work correctly in safe mode

Discussion in 'Malware and Virus Removal Archive' started by dano259, 2010/03/03.

  1. 2010/03/03
    dano259

    dano259 Inactive Thread Starter

    Joined:
    2010/03/03
    Messages:
    1
    Likes Received:
    0
    [Active] Toshiba will only work correctly in safe mode

    Recently my computer has begun to freeze at random times. If I am using Firefox or IE it freezes after about 5 minutes on it and even if I end the process it continues to show up until I have to hard reset the entire thing. I have tried to scan it using AVG but it will freeze about 60% through the scan and won't respond to anything. I run Xbox Live through my computer using the Ethernet port and even when this freezes, it does not affect the internet connection on the Xbox.


    DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
    Run by Danny at 18:46:18.67 on Wed 03/03/2010
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_14
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2939.2345 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\wercon.exe
    C:\Users\Danny\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Skytel] Skytel.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\soundc~1.lnk - c:\program files\soundcrank\SoundcrankLoader.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\danny\appdata\roaming\mozilla\firefox\profiles\voyzfnz3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?v=18&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://japanese.about.com/library/blsjp.htm
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\program files\byond\bin\npbyond.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\skyhook wireless\loki browser plugin\versions\3.1.0.05\nploki.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2010-2-9 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-9 161800]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-2-9 24856]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-9 360584]
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-4-26 20384]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-9 333192]
    S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-9 28424]
    S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-2-9 906520]
    S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-9 285392]
    S2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-2-9 2304192]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-2-9 5832712]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
    S2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2010-2-9 122376]
    S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2010-2-9 30216]
    S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2010-2-9 27800]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-4-26 954368]
    S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]

    =============== Created Last 30 ================

    2010-03-01 17:31:28 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-03-01 17:30:55 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-03-01 17:30:54 511488 ----a-w- c:\windows\system32\RMActivate.exe
    2010-03-01 17:30:51 472576 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-03-01 17:30:51 472064 ----a-w- c:\windows\system32\secproc.dll
    2010-03-01 17:30:51 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-03-01 17:30:51 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-03-01 17:30:50 329216 ----a-w- c:\windows\system32\msdrm.dll
    2010-03-01 17:30:50 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-03-01 17:30:50 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-15 16:16:14 0 d-----w- C:\e9297e1416d063bf05a0
    2010-02-15 16:15:31 0 d-----w- c:\windows\CheckSur
    2010-02-10 15:47:59 301568 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-02-10 15:47:58 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-02-10 15:28:18 0 d-----w- C:\Intel
    2010-02-10 15:27:30 0 d-----w- c:\users\danny\appdata\roaming\WinBatch
    2010-02-10 15:03:03 65536 --sha-w- c:\users\danny\ntuser.dat{33c2517c-164f-11df-99cb-001e33b9c06f}.TM.blf
    2010-02-10 15:03:03 524288 --sha-w- c:\users\danny\ntuser.dat{33c2517c-164f-11df-99cb-001e33b9c06f}.TMContainer00000000000000000002.regtrans-ms
    2010-02-10 15:03:03 524288 --sha-w- c:\users\danny\ntuser.dat{33c2517c-164f-11df-99cb-001e33b9c06f}.TMContainer00000000000000000001.regtrans-ms
    2010-02-10 14:29:31 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-02-10 14:29:31 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-10 04:01:20 65536 --sha-w- c:\users\danny\ntuser.dat{4c51bf51-142f-11df-9270-001e33b9c06f}.TxR.blf
    2010-02-10 04:01:20 1048576 --sha-w- c:\users\danny\ntuser.dat{4c51bf51-142f-11df-9270-001e33b9c06f}.TxR.2.regtrans-ms
    2010-02-10 04:01:20 1048576 --sha-w- c:\users\danny\ntuser.dat{4c51bf51-142f-11df-9270-001e33b9c06f}.TxR.1.regtrans-ms
    2010-02-10 04:01:20 1048576 --sha-w- c:\users\danny\ntuser.dat{4c51bf51-142f-11df-9270-001e33b9c06f}.TxR.0.regtrans-ms
    2010-02-09 23:17:58 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
    2010-02-09 23:17:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-02-09 23:17:56 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-02-09 23:17:55 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-02-09 23:17:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-02-09 23:17:43 0 d-----w- c:\windows\system32\drivers\Avg
    2010-02-09 23:15:49 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
    2010-02-09 18:57:49 0 d--h--w- C:\$AVG
    2010-02-09 18:57:07 0 d-----w- c:\program files\AVG
    2010-02-09 18:57:04 0 d-----w- c:\programdata\avg9
    2010-02-07 22:36:33 524288 --sha-w- c:\users\danny\ntuser.dat{4c51bf52-142f-11df-9270-001e33b9c06f}.TMContainer00000000000000000002.regtrans-ms
    2010-02-07 22:36:32 65536 --sha-w- c:\users\danny\ntuser.dat{4c51bf52-142f-11df-9270-001e33b9c06f}.TM.blf
    2010-02-07 22:36:32 524288 --sha-w- c:\users\danny\ntuser.dat{4c51bf52-142f-11df-9270-001e33b9c06f}.TMContainer00000000000000000001.regtrans-ms
    2010-02-07 22:32:22 0 d-----w- c:\windows\system32\wbem\repository
    2010-02-07 22:32:04 0 d-----w- c:\windows\registration
    2010-02-07 19:40:19 65536 --sha-w- c:\users\danny\ntuser.dat{9e453d5f-141e-11df-88db-001e33b9c06f}.TM.blf
    2010-02-07 19:40:19 524288 --sha-w- c:\users\danny\ntuser.dat{9e453d5f-141e-11df-88db-001e33b9c06f}.TMContainer00000000000000000002.regtrans-ms
    2010-02-07 19:40:19 524288 --sha-w- c:\users\danny\ntuser.dat{9e453d5f-141e-11df-88db-001e33b9c06f}.TMContainer00000000000000000001.regtrans-ms

    ==================== Find3M ====================

    2010-03-02 21:58:46 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-03-02 21:58:44 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-02-10 15:29:11 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-28 12:35:00 1314816 ----a-w- c:\windows\system32\quartz.dll
    2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll
    2009-12-08 20:52:17 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 20:52:16 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
    2008-09-30 19:36:56 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-10-14 13:49:03 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-17 16:24:24 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-25 00:14:53 13 --sh--r- c:\windows\system32\drivers\fbd.sys

    ============= FINISH: 18:47:46.98 ===============
     
  2. 2010/03/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     

