Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Continuous virus warnigs, error messages....

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 18th, 2009, 7:06 pm

Hi - Pls see my hijack this log per the advice I got in the forum.
Since last few days, I have started getting a number of virus warnings(W32.Pavsee.C, bloodhound etc.) , Critical system erros , security violation error etc. Most of these warnings show up in the system tray and keep appearing repeatedly. They seem to generated by a program called "Personal Antivirus" running on my system. I do not know whether this program is genuine or not - seems to be a fake antivirus. My internet explorer browser is crashing as well and so are various other programs and java services. Please help :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:11 PM, on 5/18/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\PAV\pav.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: &Helper - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\Windows\System32\winexplorer.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.bodymindandmodem.com/Basics/posture.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/29.55/uploader2.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DCA1F18-844C-477E-A5BD-AE5F7FF5594A}: NameServer = 203.94.243.70,203.94.227.70
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8485 bytes
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm
Advertisement
Register to Remove

Re: Continuous virus warnigs, error messages....

Unread postby Shaba » May 21st, 2009, 4:32 am

Hi GeniusMagic

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 21st, 2009, 8:21 am

HI Shaba,
Thank you for your reply. While I was waiting for your reply, my laptop's conditioned deteiorated significantally and I did some researh and took some steps on my own.
I believe I was affected by personal antivitus. I found PAV.exe and other related folders on my machine and deleted them. Also I fixed one Hijack this entry (winexplorer.dll). I read that this is caused by the same virus. I also scanned my PC online. Most of the scans do no complete as the browser (or sometimes whole system) crashes. It however did indicate that I have various infections like DNS Changer and Zlob. My fake alerts have come down after I deleted PAV from my system but as son as I reboot, I get various dialog box messages saying "Google installer / Internet explorer has stopped working"and they continue to appear. Also my system has started restarting on its own after showing a blue screen.


Please see below the contents of log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Narwal at 2009-05-21 08:01:32
Microsoft® Windows Vista™ Home Premium
System drive C: has 13 GB (18%) free of 75 GB
Total RAM: 1014 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:43 AM, on 5/21/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Narwal\Pictures\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Narwal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.bodymindandmodem.com/Basics/posture.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/29.55/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8941 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2307070536-2186033536-3377706424-1000.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\PAV.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6253\SiteAdv.dll [2007-12-04 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll [2007-06-25 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll [2007-12-04 927008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-28 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-28 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-28 81920]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-08-29 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe [2007-01-17 152144]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-19 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2006-11-10 417792]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-27 4670704]
"Google Update"=C:\Users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-18 133104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-28 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85626e29-c300-11dc-8d7e-001b38134f9c}]
shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17ec773-9769-11dc-b4e6-001b38134f9c}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17ec778-9769-11dc-b4e6-001b38134f9c}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-21 08:01:32 ----D---- C:\rsit
2009-05-19 19:11:03 ----D---- C:\ProgramData\Malwarebytes
2009-05-19 19:11:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-19 08:25:11 ----A---- C:\Windows\ntbtlog.txt
2009-05-19 00:33:31 ----D---- C:\Windows\McAfee.com
2009-05-18 19:17:30 ----D---- C:\Windows\BDOSCAN8
2009-05-16 15:42:05 ----D---- C:\Program Files\Trend Micro
2009-05-15 19:37:44 ----D---- C:\Program Files\Panda Security
2009-05-09 11:44:48 ----D---- C:\Windows\Sun
2009-05-05 08:15:04 ----A---- C:\Hello.exe
2009-05-04 23:06:00 ----D---- C:\Program Files\Microsoft SDKs
2009-05-04 22:58:21 ----D---- C:\Program Files\Debugging Tools for Windows
2009-05-04 22:46:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-05-03 21:31:28 ----D---- C:\Test
2009-05-02 15:07:11 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-02 15:07:11 ----A---- C:\Windows\system32\icardie.dll
2009-05-02 15:07:10 ----A---- C:\Windows\system32\mshtmler.dll
2009-05-02 15:07:10 ----A---- C:\Windows\system32\jsproxy.dll
2009-05-02 15:07:10 ----A---- C:\Windows\system32\ieui.dll
2009-05-02 15:07:10 ----A---- C:\Windows\system32\admparse.dll
2009-05-02 15:07:09 ----A---- C:\Windows\system32\msls31.dll
2009-05-02 15:07:09 ----A---- C:\Windows\system32\iernonce.dll
2009-05-02 15:07:09 ----A---- C:\Windows\system32\corpol.dll
2009-05-02 15:07:08 ----A---- C:\Windows\system32\imgutil.dll
2009-05-02 15:07:08 ----A---- C:\Windows\system32\ieakeng.dll
2009-05-02 15:07:08 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-02 15:07:08 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\occache.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\msrating.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\licmgr10.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\inseng.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\iepeers.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\ieaksie.dll
2009-05-02 15:07:06 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-05-02 15:07:06 ----A---- C:\Windows\system32\wextract.exe
2009-05-02 15:07:06 ----A---- C:\Windows\system32\webcheck.dll
2009-05-02 15:07:06 ----A---- C:\Windows\system32\mstime.dll
2009-05-02 15:07:06 ----A---- C:\Windows\system32\msfeedssync.exe
2009-05-02 15:07:06 ----A---- C:\Windows\system32\iesetup.dll
2009-05-02 15:07:06 ----A---- C:\Windows\system32\ieakui.dll
2009-05-02 15:07:05 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-02 15:07:05 ----A---- C:\Windows\system32\msfeeds.dll
2009-05-02 15:07:05 ----A---- C:\Windows\system32\advpack.dll
2009-05-02 15:07:04 ----A---- C:\Windows\system32\ieapfltr.dll
2009-05-02 15:07:03 ----A---- C:\Windows\system32\vbscript.dll
2009-05-02 15:07:03 ----A---- C:\Windows\system32\jscript.dll
2009-05-02 15:07:02 ----A---- C:\Windows\system32\url.dll
2009-05-02 15:07:02 ----A---- C:\Windows\system32\iedkcs32.dll
2009-05-02 15:06:58 ----A---- C:\Windows\system32\mshta.exe
2009-05-02 15:06:58 ----A---- C:\Windows\system32\iexpress.exe
2009-05-02 15:06:58 ----A---- C:\Windows\system32\iesysprep.dll
2009-05-02 15:06:57 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-05-02 15:06:57 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-05-02 15:06:57 ----A---- C:\Windows\system32\PDMSetup.exe
2009-05-02 15:06:57 ----A---- C:\Windows\system32\ieUnatt.exe
2009-05-02 15:06:56 ----A---- C:\Windows\system32\wininet.dll
2009-05-02 15:06:56 ----A---- C:\Windows\system32\iertutil.dll
2009-05-02 15:06:56 ----A---- C:\Windows\system32\ie4uinit.exe
2009-05-02 15:06:55 ----A---- C:\Windows\system32\urlmon.dll
2009-05-02 15:06:53 ----A---- C:\Windows\system32\ieframe.dll
2009-05-02 15:06:51 ----A---- C:\Windows\system32\mshtml.dll
2009-05-02 13:24:58 ----D---- C:\perflogs
2009-05-02 13:01:17 ----D---- C:\Downloads
2009-05-02 10:15:41 ----D---- C:\Users\Narwal\AppData\Roaming\MusicNet

======List of files/folders modified in the last 1 months======

2009-05-21 08:01:43 ----D---- C:\Windows\Prefetch
2009-05-21 08:01:29 ----D---- C:\Windows\Temp
2009-05-21 07:25:27 ----D---- C:\Users\Narwal\AppData\Roaming\SiteAdvisor
2009-05-20 07:31:14 ----AD---- C:\Windows\System32
2009-05-19 22:51:36 ----D---- C:\Program Files\Common Files
2009-05-19 20:24:10 ----SD---- C:\Windows\Downloaded Program Files
2009-05-19 19:11:07 ----D---- C:\Windows\system32\drivers
2009-05-19 19:11:03 ----RD---- C:\Program Files
2009-05-19 19:11:03 ----HD---- C:\ProgramData
2009-05-19 08:25:11 ----D---- C:\Windows
2009-05-18 18:43:14 ----D---- C:\Windows\inf
2009-05-18 18:43:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-18 13:25:35 ----SHD---- C:\System Volume Information
2009-05-16 20:25:20 ----D---- C:\Program Files\LimeWire
2009-05-16 20:24:56 ----D---- C:\Users\Narwal\AppData\Roaming\LimeWire
2009-05-15 12:28:14 ----D---- C:\Windows\system32\Tasks
2009-05-15 12:28:12 ----D---- C:\Windows\Tasks
2009-05-15 12:01:28 ----D---- C:\Windows\winsxs
2009-05-14 03:03:21 ----D---- C:\Windows\system32\catroot
2009-05-14 03:02:57 ----D---- C:\Program Files\Windows Mail
2009-05-13 20:08:02 ----D---- C:\Program Files\Internet Explorer
2009-05-13 07:19:26 ----D---- C:\Windows\system32\catroot2
2009-05-04 23:28:51 ----SHD---- C:\Windows\Installer
2009-05-04 23:28:17 ----D---- C:\ProgramData\Microsoft Help
2009-05-04 23:22:09 ----D---- C:\Windows\Microsoft.NET
2009-05-04 23:21:01 ----RSD---- C:\Windows\assembly
2009-05-04 23:06:00 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-04 22:50:25 ----SD---- C:\Users\Narwal\AppData\Roaming\Microsoft
2009-05-04 22:50:25 ----SD---- C:\ProgramData\Microsoft
2009-05-04 22:46:15 ----D---- C:\Program Files\Microsoft Office
2009-05-02 15:11:00 ----D---- C:\Windows\system32\migration
2009-05-02 15:11:00 ----D---- C:\Windows\system32\en-US
2009-05-02 15:11:00 ----D---- C:\Windows\PolicyDefinitions
2009-05-02 14:57:54 ----D---- C:\Program Files\Google
2009-05-02 14:36:58 ----D---- C:\Program Files\TOSHIBA Games
2009-05-02 14:33:24 ----D---- C:\Program Files\InterVideo
2009-05-02 14:33:17 ----D---- C:\ProgramData\Ulead Systems
2009-05-02 14:33:17 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-05-02 14:30:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-02 14:26:36 ----D---- C:\Users\Narwal\AppData\Roaming\Mozilla
2009-05-02 14:24:42 ----D---- C:\ProgramData\Google
2009-05-02 14:22:27 ----D---- C:\ProgramData\Napster
2009-05-02 14:15:46 ----D---- C:\Program Files\TotalImageConverter
2009-05-02 14:15:16 ----D---- C:\Users\Narwal\AppData\Roaming\yahoo!
2009-05-02 14:15:16 ----D---- C:\ProgramData\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-03-02 120360]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-08-31 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 694784]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-16 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-29 1476096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2007-06-25 71496]
R3 mfebopk;McAfee Inc.; C:\Windows\system32\drivers\mfebopk.sys [2007-06-25 34184]
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2007-06-25 171240]
R3 mfesmfk;McAfee Inc.; C:\Windows\system32\drivers\mfesmfk.sys [2007-06-25 37480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-04 59392]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-08-29 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
S1 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys [2005-08-01 64896]
S3 ALSysIO;ALSysIO; \??\C:\Users\Narwal\AppData\Local\Temp\ALSysIO.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-29 1476096]
S3 mferkdk;McAfee Inc.; C:\Windows\system32\drivers\mferkdk.sys [2007-06-25 32008]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 V0250Dev;Live! Cam Notebook Pro; C:\Windows\system32\DRIVERS\V0250Dev.sys [2007-08-30 169696]
S3 V0250Vfx;V0250Vfx; C:\Windows\system32\DRIVERS\V0250Vfx.sys [2006-03-24 6272]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-02-19 219520]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-02-19 211072]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-09-12 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2007-02-13 540776]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-04-12 353368]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2007-03-08 256096]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-06-25 144960]
R2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-06-19 841256]
R2 MPS9;McAfee Privacy Service; C:\PROGRA~1\McAfee\MPS\mps.exe [2007-04-18 906792]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-01-17 29264]
R2 pinger;pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-20 428152]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-11-01 77824]
S3 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2007-10-05 341328]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-22 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Re: Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 21st, 2009, 8:24 am

and here are the log contents of info.txt after I ran RSIT :

info.txt logfile of random's system information tool 1.06 2009-05-21 08:01:47

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe" -l0x9 -removeonly
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Creative Live! Cam Notebook Pro Driver (1.04.02.0000)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0250.uns -unsext NT -plugin V0250Pin.dll -pluginres CtCamPin.crl
Debugging Tools for Windows-->MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Software Development Kit for Windows Vista Update (6000.16384.10)-->"C:\Program Files\Microsoft SDKs\Windows\v6.0\Setup\SDKSetup.exe" -x "-source:C:\Program Files\Microsoft SDKs\Windows\v6.0\Setup\1033\;C:\Users\Narwal\AppData\Local\Temp\SDKSetup\WinSDK\;http://download.microsoft.com/download/c/a/1/ca145d10-e254-475c-85f9-1439f4cd2a9e"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF-XChange 3-->"C:\Program Files\Mindjet\MindManager 7\PDF-XChange\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Super DX-Ball v1.1-->"C:\Program Files\Super DX-Ball\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{617C36FD-0CBE-4600-84B2-441CEB12FADF} /l1033
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Media Center Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"
TOSHIBA Music-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E9C4531-58C4-4349-AD2F-A4D999E451EC}\setup.exe" -l0x9 -removeonly
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox-->MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}

=====HijackThis Backups=====

O2 - BHO: &Helper - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\Windows\System32\winexplorer.dll [2009-05-20]
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DCA1F18-844C-477E-A5BD-AE5F7FF5594A}: NameServer = 203.94.243.70,203.94.227.70 [2009-05-20]
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab [2009-05-20]

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall
AS: McAfee VirusScan
AS: Windows Defender

======System event log======

Computer Name: Narwal-PC
Event Code: 6008
Message: The previous system shutdown at 7:41:50 AM on 5/21/2009 was unexpected.
Record Number: 134902
Source Name: EventLog
Time Written: 20090521114314.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Record Number: 134907
Source Name: volmgr
Time Written: 20090521114300.206449-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Record Number: 134910
Source Name: volmgr
Time Written: 20090521114305.728884-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Tosrfcom
Record Number: 134993
Source Name: Service Control Manager
Time Written: 20090521114456.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 7031
Message: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Record Number: 135012
Source Name: Service Control Manager
Time Written: 20090521115823.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Narwal-PC
Event Code: 1000
Message: Faulting application GoogleUpdate.exe, version 1.2.131.7, time stamp 0x48af14ef, faulting module GoogleUpdate.exe, version 1.2.131.7, time stamp 0x48af14ef, exception code 0x80000003, fault offset 0x00006eef, process id 0x574, application start time 0x01c9da095ea06b87.
Record Number: 23615
Source Name: Application Error
Time Written: 20090521114334.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x000600ae, process id 0x388, application start time 0x01c9da0ab1cb7247.
Record Number: 23628
Source Name: Application Error
Time Written: 20090521115305.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 1002
Message: The program iexplore.exe version 8.0.6001.18702 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 12cc Start Time: 01c9da0987fa3477 Termination Time: 50
Record Number: 23629
Source Name: Application Hang
Time Written: 20090521115849.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc00000fd, fault offset 0x00065e7f, process id 0x1330, application start time 0x01c9da0b87a05a27.
Record Number: 23630
Source Name: Application Error
Time Written: 20090521115909.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc00000fd, fault offset 0x0003f3dc, process id 0xb64, application start time 0x01c9da0b98bd9bb7.
Record Number: 23633
Source Name: Application Error
Time Written: 20090521115930.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Narwal-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: NARWAL-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 31875
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115828.320821-000
Event Type: Audit Success
User:

Computer Name: Narwal-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 31876
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115828.320821-000
Event Type: Audit Success
User:

Computer Name: Narwal-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: NARWAL-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 31877
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115853.353821-000
Event Type: Audit Success
User:

Computer Name: Narwal-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: NARWAL-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 31878
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115853.353821-000
Event Type: Audit Success
User:

Computer Name: Narwal-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 31879
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115853.353821-000
Event Type: Audit Success
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files\ImageConverter Plus\Microsoft.VC80.MFC;C:\Test;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e0c
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Re: Continuous virus warnigs, error messages....

Unread postby Shaba » May 21st, 2009, 8:36 am

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTornado 0.3.17
LimeWire 4.18.3


I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt from c:\rsit folder

Please run a new rsit log scan when finished and post the logs back here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 21st, 2009, 9:05 am

I uninstalled both these programs. Also, I just got a malware alert saying "Problem caused by UACD.sys"

Here is the info.txt log after I ran the RSIT scan again :

info.txt logfile of random's system information tool 1.06 2009-05-21 08:44:47

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe" -l0x9 -removeonly
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Creative Live! Cam Notebook Pro Driver (1.04.02.0000)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0250.uns -unsext NT -plugin V0250Pin.dll -pluginres CtCamPin.crl
Debugging Tools for Windows-->MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Software Development Kit for Windows Vista Update (6000.16384.10)-->"C:\Program Files\Microsoft SDKs\Windows\v6.0\Setup\SDKSetup.exe" -x "-source:C:\Program Files\Microsoft SDKs\Windows\v6.0\Setup\1033\;C:\Users\Narwal\AppData\Local\Temp\SDKSetup\WinSDK\;http://download.microsoft.com/download/c/a/1/ca145d10-e254-475c-85f9-1439f4cd2a9e"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF-XChange 3-->"C:\Program Files\Mindjet\MindManager 7\PDF-XChange\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Super DX-Ball v1.1-->"C:\Program Files\Super DX-Ball\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{617C36FD-0CBE-4600-84B2-441CEB12FADF} /l1033
TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Media Center Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"
TOSHIBA Music-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E9C4531-58C4-4349-AD2F-A4D999E451EC}\setup.exe" -l0x9 -removeonly
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox-->MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}

=====HijackThis Backups=====

O2 - BHO: &Helper - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\Windows\System32\winexplorer.dll [2009-05-20]
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DCA1F18-844C-477E-A5BD-AE5F7FF5594A}: NameServer = 203.94.243.70,203.94.227.70 [2009-05-20]
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab [2009-05-20]

======Security center information======

AV: McAfee VirusScan (outdated)
FW: McAfee Personal Firewall
AS: McAfee VirusScan
AS: Windows Defender

======System event log======

Computer Name: Narwal-PC
Event Code: 6008
Message: The previous system shutdown at 7:41:50 AM on 5/21/2009 was unexpected.
Record Number: 134902
Source Name: EventLog
Time Written: 20090521114314.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Record Number: 134907
Source Name: volmgr
Time Written: 20090521114300.206449-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Record Number: 134910
Source Name: volmgr
Time Written: 20090521114305.728884-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Tosrfcom
Record Number: 134993
Source Name: Service Control Manager
Time Written: 20090521114456.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 7031
Message: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Record Number: 135012
Source Name: Service Control Manager
Time Written: 20090521115823.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Narwal-PC
Event Code: 1002
Message: The program iexplore.exe version 8.0.6001.18702 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 12cc Start Time: 01c9da0987fa3477 Termination Time: 50
Record Number: 23629
Source Name: Application Hang
Time Written: 20090521115849.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc00000fd, fault offset 0x00065e7f, process id 0x1330, application start time 0x01c9da0b87a05a27.
Record Number: 23630
Source Name: Application Error
Time Written: 20090521115909.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc00000fd, fault offset 0x0003f3dc, process id 0xb64, application start time 0x01c9da0b98bd9bb7.
Record Number: 23633
Source Name: Application Error
Time Written: 20090521115930.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 1000
Message: Faulting application Iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc00000fd, fault offset 0x0003f3dc, process id 0x11dc, application start time 0x01c9da0d8d4ec7c7.
Record Number: 23635
Source Name: Application Error
Time Written: 20090521121330.000000-000
Event Type: Error
User:

Computer Name: Narwal-PC
Event Code: 1000
Message: Faulting application Iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc00000fd, fault offset 0x0003f429, process id 0x17e0, application start time 0x01c9da0ef2a2b3b7.
Record Number: 23636
Source Name: Application Error
Time Written: 20090521122329.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Narwal-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: NARWAL-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 31875
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115828.320821-000
Event Type: Audit Success
User:

Computer Name: Narwal-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 31876
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115828.320821-000
Event Type: Audit Success
User:

Computer Name: Narwal-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: NARWAL-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 31877
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115853.353821-000
Event Type: Audit Success
User:

Computer Name: Narwal-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: NARWAL-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 31878
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115853.353821-000
Event Type: Audit Success
User:

Computer Name: Narwal-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 31879
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521115853.353821-000
Event Type: Audit Success
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files\ImageConverter Plus\Microsoft.VC80.MFC;C:\Test;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e0c
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Re: Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 21st, 2009, 9:12 am

and the other log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Narwal at 2009-05-21 08:44:38
Microsoft® Windows Vista™ Home Premium
System drive C: has 14 GB (18%) free of 75 GB
Total RAM: 1014 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:46 AM, on 5/21/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Users\Narwal\Pictures\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Narwal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.bodymindandmodem.com/Basics/posture.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/29.55/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8686 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2307070536-2186033536-3377706424-1000.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\PAV.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6253\SiteAdv.dll [2007-12-04 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll [2007-06-25 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll [2007-12-04 927008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-28 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-28 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-28 81920]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-08-29 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe [2007-01-17 152144]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-19 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2006-11-10 417792]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-27 4670704]
"Google Update"=C:\Users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-18 133104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE [2009-01-16 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-28 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85626e29-c300-11dc-8d7e-001b38134f9c}]
shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17ec773-9769-11dc-b4e6-001b38134f9c}]
shell\AutoRun\command - wscript.exe VirusRemoval.vbs
shell\open\command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b17ec778-9769-11dc-b4e6-001b38134f9c}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-21 08:01:32 ----D---- C:\rsit
2009-05-19 19:11:03 ----D---- C:\ProgramData\Malwarebytes
2009-05-19 19:11:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-19 08:25:11 ----A---- C:\Windows\ntbtlog.txt
2009-05-19 00:33:31 ----D---- C:\Windows\McAfee.com
2009-05-18 19:17:30 ----D---- C:\Windows\BDOSCAN8
2009-05-16 15:42:05 ----D---- C:\Program Files\Trend Micro
2009-05-15 19:37:44 ----D---- C:\Program Files\Panda Security
2009-05-09 11:44:48 ----D---- C:\Windows\Sun
2009-05-05 08:15:04 ----A---- C:\Hello.exe
2009-05-04 23:06:00 ----D---- C:\Program Files\Microsoft SDKs
2009-05-04 22:58:21 ----D---- C:\Program Files\Debugging Tools for Windows
2009-05-04 22:46:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-05-03 21:31:28 ----D---- C:\Test
2009-05-02 15:07:11 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-02 15:07:11 ----A---- C:\Windows\system32\icardie.dll
2009-05-02 15:07:10 ----A---- C:\Windows\system32\mshtmler.dll
2009-05-02 15:07:10 ----A---- C:\Windows\system32\jsproxy.dll
2009-05-02 15:07:10 ----A---- C:\Windows\system32\ieui.dll
2009-05-02 15:07:10 ----A---- C:\Windows\system32\admparse.dll
2009-05-02 15:07:09 ----A---- C:\Windows\system32\msls31.dll
2009-05-02 15:07:09 ----A---- C:\Windows\system32\iernonce.dll
2009-05-02 15:07:09 ----A---- C:\Windows\system32\corpol.dll
2009-05-02 15:07:08 ----A---- C:\Windows\system32\imgutil.dll
2009-05-02 15:07:08 ----A---- C:\Windows\system32\ieakeng.dll
2009-05-02 15:07:08 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-02 15:07:08 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\occache.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\msrating.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\licmgr10.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\inseng.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\iepeers.dll
2009-05-02 15:07:07 ----A---- C:\Windows\system32\ieaksie.dll
2009-05-02 15:07:06 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-05-02 15:07:06 ----A---- C:\Windows\system32\wextract.exe
2009-05-02 15:07:06 ----A---- C:\Windows\system32\webcheck.dll
2009-05-02 15:07:06 ----A---- C:\Windows\system32\mstime.dll
2009-05-02 15:07:06 ----A---- C:\Windows\system32\msfeedssync.exe
2009-05-02 15:07:06 ----A---- C:\Windows\system32\iesetup.dll
2009-05-02 15:07:06 ----A---- C:\Windows\system32\ieakui.dll
2009-05-02 15:07:05 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-02 15:07:05 ----A---- C:\Windows\system32\msfeeds.dll
2009-05-02 15:07:05 ----A---- C:\Windows\system32\advpack.dll
2009-05-02 15:07:04 ----A---- C:\Windows\system32\ieapfltr.dll
2009-05-02 15:07:03 ----A---- C:\Windows\system32\vbscript.dll
2009-05-02 15:07:03 ----A---- C:\Windows\system32\jscript.dll
2009-05-02 15:07:02 ----A---- C:\Windows\system32\url.dll
2009-05-02 15:07:02 ----A---- C:\Windows\system32\iedkcs32.dll
2009-05-02 15:06:58 ----A---- C:\Windows\system32\mshta.exe
2009-05-02 15:06:58 ----A---- C:\Windows\system32\iexpress.exe
2009-05-02 15:06:58 ----A---- C:\Windows\system32\iesysprep.dll
2009-05-02 15:06:57 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-05-02 15:06:57 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-05-02 15:06:57 ----A---- C:\Windows\system32\PDMSetup.exe
2009-05-02 15:06:57 ----A---- C:\Windows\system32\ieUnatt.exe
2009-05-02 15:06:56 ----A---- C:\Windows\system32\wininet.dll
2009-05-02 15:06:56 ----A---- C:\Windows\system32\iertutil.dll
2009-05-02 15:06:56 ----A---- C:\Windows\system32\ie4uinit.exe
2009-05-02 15:06:55 ----A---- C:\Windows\system32\urlmon.dll
2009-05-02 15:06:53 ----A---- C:\Windows\system32\ieframe.dll
2009-05-02 15:06:51 ----A---- C:\Windows\system32\mshtml.dll
2009-05-02 13:24:58 ----D---- C:\perflogs
2009-05-02 13:01:17 ----D---- C:\Downloads
2009-05-02 10:15:41 ----D---- C:\Users\Narwal\AppData\Roaming\MusicNet

======List of files/folders modified in the last 1 months======

2009-05-21 08:43:33 ----D---- C:\Windows\Temp
2009-05-21 08:42:38 ----D---- C:\Windows\Prefetch
2009-05-21 08:42:37 ----D---- C:\Program Files\LimeWire
2009-05-21 08:42:22 ----RD---- C:\Program Files
2009-05-21 07:25:27 ----D---- C:\Users\Narwal\AppData\Roaming\SiteAdvisor
2009-05-20 07:31:14 ----AD---- C:\Windows\System32
2009-05-19 22:51:36 ----D---- C:\Program Files\Common Files
2009-05-19 20:24:10 ----SD---- C:\Windows\Downloaded Program Files
2009-05-19 19:11:07 ----D---- C:\Windows\system32\drivers
2009-05-19 19:11:03 ----HD---- C:\ProgramData
2009-05-19 08:25:11 ----D---- C:\Windows
2009-05-18 18:43:14 ----D---- C:\Windows\inf
2009-05-18 18:43:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-18 13:25:35 ----SHD---- C:\System Volume Information
2009-05-16 20:24:56 ----D---- C:\Users\Narwal\AppData\Roaming\LimeWire
2009-05-15 12:28:14 ----D---- C:\Windows\system32\Tasks
2009-05-15 12:28:12 ----D---- C:\Windows\Tasks
2009-05-15 12:01:28 ----D---- C:\Windows\winsxs
2009-05-14 03:03:21 ----D---- C:\Windows\system32\catroot
2009-05-14 03:02:57 ----D---- C:\Program Files\Windows Mail
2009-05-13 20:08:02 ----D---- C:\Program Files\Internet Explorer
2009-05-13 07:19:26 ----D---- C:\Windows\system32\catroot2
2009-05-04 23:28:51 ----SHD---- C:\Windows\Installer
2009-05-04 23:28:17 ----D---- C:\ProgramData\Microsoft Help
2009-05-04 23:22:09 ----D---- C:\Windows\Microsoft.NET
2009-05-04 23:21:01 ----RSD---- C:\Windows\assembly
2009-05-04 23:06:00 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-04 22:50:25 ----SD---- C:\Users\Narwal\AppData\Roaming\Microsoft
2009-05-04 22:50:25 ----SD---- C:\ProgramData\Microsoft
2009-05-04 22:46:15 ----D---- C:\Program Files\Microsoft Office
2009-05-02 15:11:00 ----D---- C:\Windows\system32\migration
2009-05-02 15:11:00 ----D---- C:\Windows\system32\en-US
2009-05-02 15:11:00 ----D---- C:\Windows\PolicyDefinitions
2009-05-02 14:57:54 ----D---- C:\Program Files\Google
2009-05-02 14:36:58 ----D---- C:\Program Files\TOSHIBA Games
2009-05-02 14:33:24 ----D---- C:\Program Files\InterVideo
2009-05-02 14:33:17 ----D---- C:\ProgramData\Ulead Systems
2009-05-02 14:33:17 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-05-02 14:30:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-02 14:26:36 ----D---- C:\Users\Narwal\AppData\Roaming\Mozilla
2009-05-02 14:24:42 ----D---- C:\ProgramData\Google
2009-05-02 14:22:27 ----D---- C:\ProgramData\Napster
2009-05-02 14:15:46 ----D---- C:\Program Files\TotalImageConverter
2009-05-02 14:15:16 ----D---- C:\Users\Narwal\AppData\Roaming\yahoo!
2009-05-02 14:15:16 ----D---- C:\ProgramData\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-03-02 120360]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-08-31 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-28 694784]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-16 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-29 1476096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2007-06-25 71496]
R3 mfebopk;McAfee Inc.; C:\Windows\system32\drivers\mfebopk.sys [2007-06-25 34184]
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2007-06-25 171240]
R3 mfesmfk;McAfee Inc.; C:\Windows\system32\drivers\mfesmfk.sys [2007-06-25 37480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-04 59392]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-08-29 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
S1 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys [2005-08-01 64896]
S3 ALSysIO;ALSysIO; \??\C:\Users\Narwal\AppData\Local\Temp\ALSysIO.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-29 1476096]
S3 mferkdk;McAfee Inc.; C:\Windows\system32\drivers\mferkdk.sys [2007-06-25 32008]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 V0250Dev;Live! Cam Notebook Pro; C:\Windows\system32\DRIVERS\V0250Dev.sys [2007-08-30 169696]
S3 V0250Vfx;V0250Vfx; C:\Windows\system32\DRIVERS\V0250Vfx.sys [2006-03-24 6272]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-02-19 219520]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-02-19 211072]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 479488]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-09-12 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2007-02-13 540776]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-04-12 353368]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2007-03-08 256096]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-06-25 144960]
R2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-06-19 841256]
R2 MPS9;McAfee Privacy Service; C:\PROGRA~1\McAfee\MPS\mps.exe [2007-04-18 906792]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-01-17 29264]
R2 pinger;pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-20 428152]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-11-01 77824]
S3 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2007-10-05 341328]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-22 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Re: Continuous virus warnigs, error messages....

Unread postby Shaba » May 21st, 2009, 10:03 am

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 21st, 2009, 7:19 pm

Hi Shaba,

I downloaded GMER per your instructions but I am unable to run it either in Normal Mode or in the Safe Mode. When I double click on the exe, a window appareas for a fraction of second and disappers.I cannnot even read what it says.

Here I must mention that I had also tried downloading Malwareytes Antimalware before I started working with you and the same thing happened with that i.e nothing happens when double clicking on it.

I continue to get messages every minute saying "Internet Explorer has stopped working". When I click close program on this message, it goes away but comes back again after 1 minute or two. Also, I think my windows defender is running which gives a message " Problem cause by UACD.sys - possible malware"

I am not sure how what to do.
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Re: Continuous virus warnigs, error messages....

Unread postby Shaba » May 22nd, 2009, 12:01 am

Those are due to infection.

Please rename gmer.exe and let me know if it works now.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 22nd, 2009, 7:18 am

No it does not work even after renaming. After I renamed to test.exe and double click, I start getting the same message which I get with internet explorer as soon as I login. It says "test.exe has stopped working"

My laptop is in a realy bad shape right now. It is getting restarted on its own. Right not its telling me that an authorized accesss was made to windows vista.

Please advice.
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Re: Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 22nd, 2009, 7:52 am

I tried again after renaming in safe mode and it started this time but my system either froze or was rebooted when it was scanning the devices section.
and hence the scan could not complete. FYI, I kept everything checked on the right hand side including Devices, registry etc.
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Re: Continuous virus warnigs, error messages....

Unread postby Shaba » May 22nd, 2009, 8:16 am

So let's then try this:

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Continuous virus warnigs, error messages....

Unread postby GeniusMagic » May 22nd, 2009, 8:43 am

Hi Shaba,

Finally after many re attempts I managed to run GMER successfully in safe mode. Pls see below the scan report. Before finishing the scan, It showed me a message that "system was modified by rootkit activity". Please let me know if you still want me to run ComboFix. Also I think I have McAfee Security Center and Windows Defender in Vista running on my computer.
.
Contents of Gmer.txt

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-22 08:30:22
Windows 6.0.6000


---- System - GMER 1.0.15 ----

Code 84403058 ZwEnumerateKey
Code 84155C90 ZwFlushInstructionCache
Code 843F23E5 IofCallDriver
Code 843F0C0E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 81C679BC 5 Bytes JMP 843F23EA
.text ntoskrnl.exe!IofCompleteRequest 81C67A29 5 Bytes JMP 843F0C13
PAGE ntoskrnl.exe!ZwFlushInstructionCache 81DA912C 5 Bytes JMP 84155C94
PAGE ntoskrnl.exe!ZwEnumerateKey 81DF0D5C 5 Bytes JMP 8440305C

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[332] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 006F000A
.text C:\Windows\system32\wininit.exe[332] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 0070000C
.text C:\Windows\system32\winlogon.exe[360] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 0025000A
.text C:\Windows\system32\winlogon.exe[360] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 0026000C
.text C:\Windows\system32\services.exe[408] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 00D1000A
.text C:\Windows\system32\services.exe[408] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 00D2000C
.text C:\Windows\system32\lsass.exe[420] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 00D6000A
.text C:\Windows\system32\lsass.exe[420] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 00D9000C
.text C:\Windows\system32\lsm.exe[428] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 008B000A
.text C:\Windows\system32\lsm.exe[428] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 008C000C
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[848] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 0099000A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[848] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 00D3000C
.text C:\Windows\Explorer.EXE[1076] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 00E2000A
.text C:\Windows\Explorer.EXE[1076] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 00E3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 0027000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] USER32.dll!DialogBoxIndirectParamW 75FF14EA 5 Bytes JMP 7302E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] USER32.dll!CreateWindowExW 75FF85F8 5 Bytes JMP 72F14832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] USER32.dll!MessageBoxExA 7600570D 5 Bytes JMP 7302DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] USER32.dll!DialogBoxParamA 760065BF 5 Bytes JMP 7302DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] USER32.dll!MessageBoxIndirectW 7600F1B3 5 Bytes JMP 7302DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] USER32.dll!DialogBoxIndirectParamA 760329C9 5 Bytes JMP 7302E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] USER32.dll!MessageBoxIndirectA 7603FACF 5 Bytes JMP 7302DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] USER32.dll!MessageBoxExW 7603FBC9 5 Bytes JMP 7302DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] WININET.dll!HttpAddRequestHeadersA 75818275 5 Bytes JMP 0099000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] WININET.dll!HttpAddRequestHeadersW 758282B3 5 Bytes JMP 00A2000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] WS2_32.dll!closesocket 77253847 5 Bytes JMP 00A40A60 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] WS2_32.dll!send 77253A8A 5 Bytes JMP 00A40780 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] WS2_32.dll!recv 77254ABD 5 Bytes JMP 00A3FFD0 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] WS2_32.dll!connect 77254BA7 5 Bytes JMP 00A408A0 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] WS2_32.dll!getaddrinfo 77254C58 5 Bytes JMP 00A3F9F0 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1092] WS2_32.dll!gethostbyname 7725DB26 5 Bytes JMP 00A3FDA0 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 008D000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 008E000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!CallNextHookEx 75FE8A6E 5 Bytes JMP 72F0DD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!SetWindowsHookExW 75FE913D 5 Bytes JMP 72F0DBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!DialogBoxIndirectParamW 75FF14EA 5 Bytes JMP 7302E021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!CreateWindowExW 75FF85F8 5 Bytes JMP 72F14832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!MessageBoxExA 7600570D 5 Bytes JMP 7302DE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!DialogBoxParamA 760065BF 5 Bytes JMP 7302DFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!MessageBoxIndirectW 7600F1B3 5 Bytes JMP 7302DEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!DialogBoxIndirectParamA 760329C9 5 Bytes JMP 7302E084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!MessageBoxIndirectA 7603FACF 5 Bytes JMP 7302DF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] USER32.dll!MessageBoxExW 7603FBC9 5 Bytes JMP 7302DE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] ole32.dll!CoCreateInstance 75BEDD8F 5 Bytes JMP 72F1488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WININET.dll!HttpAddRequestHeadersA 75818275 5 Bytes JMP 009B000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WININET.dll!HttpAddRequestHeadersW 758282B3 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!closesocket 77253847 5 Bytes JMP 00A50A60 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!send 77253A8A 5 Bytes JMP 00A50780 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!recv 77254ABD 5 Bytes JMP 00A4FFD0 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!connect 77254BA7 5 Bytes JMP 00A508A0 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!getaddrinfo 77254C58 5 Bytes JMP 00A4F9F0 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!gethostbyname 7725DB26 5 Bytes JMP 00A4FDA0 \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
.text C:\Windows\system32\wbem\unsecapp.exe[1704] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 0053000A
.text C:\Windows\system32\wbem\unsecapp.exe[1704] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 0054000C
.text C:\Windows\system32\wbem\wmiprvse.exe[1776] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 0019000A
.text C:\Windows\system32\wbem\wmiprvse.exe[1776] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 002D000C
.text C:\Users\Narwal\Pictures\Desktop\ibn\ibn.exe[1856] ntdll.dll!LdrLoadDll 770BEB00 5 Bytes JMP 0096000A
.text C:\Users\Narwal\Pictures\Desktop\ibn\ibn.exe[1856] ntdll.dll!LdrUnloadDll 770CBF0A 5 Bytes JMP 0097000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7412FD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740FBBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740EA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740ECBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740E8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740FD168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740E7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740E7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740E6A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7417C1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741080FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740E90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740F223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740F2267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740F771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740F753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74128585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [572] 0x00950000
Library \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [624] 0x00960000
Library \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [656] 0x00940000
Library \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [752] 0x00950000
Library \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [776] 0x00960000
Library \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [836] 0x00E30000
Library \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1092] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1180] 0x00A40000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\UACwgeuoinwmqcitfg.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwgeuoinwmqcitfg.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwgeuoinwmqcitfg.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACrhtvurpepilfvhv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACkgudkysnhxbovym.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChieqrljcpposafo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfwdsisvoxxhnmga.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACtidvlqjvoqtryqh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACtjinjvwspdehwsm.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACqbvrvnxvuegjuog.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACphijboophyvpmyp.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwgeuoinwmqcitfg.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwgeuoinwmqcitfg.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACrhtvurpepilfvhv.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACkgudkysnhxbovym.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UAChieqrljcpposafo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACfwdsisvoxxhnmga.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACtidvlqjvoqtryqh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACtsbicajbbnwdbhd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACtjinjvwspdehwsm.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACqbvrvnxvuegjuog.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACphijboophyvpmyp.log

---- Files - GMER 1.0.15 ----

File C:\perflogs\System\Diagnostics\20090502-0001\UAC Settings.xml 1571 bytes
File C:\Users\Narwal\AppData\Local\Temp\UAC8fff.tmp 681472 bytes executable
File C:\Windows\System32\drivers\UACwgeuoinwmqcitfg.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\UACfwdsisvoxxhnmga.dll 17408 bytes executable
File C:\Windows\System32\UAChieqrljcpposafo.dll 19968 bytes executable
File C:\Windows\System32\uacinit.dll 5245 bytes
File C:\Windows\System32\UACkgudkysnhxbovym.dat 224 bytes
File C:\Windows\System32\UACrhtvurpepilfvhv.dll 24064 bytes executable
File C:\Windows\System32\UACtidvlqjvoqtryqh.dll 19968 bytes executable
File C:\Windows\System32\UACtjinjvwspdehwsm.log 4909 bytes
File C:\Windows\System32\UACtsbicajbbnwdbhd.dll 66560 bytes

---- EOF - GMER 1.0.15 ----
GeniusMagic
Regular Member
 
Posts: 77
Joined: June 20th, 2005, 11:28 pm

Re: Continuous virus warnigs, error messages....

Unread postby Shaba » May 22nd, 2009, 9:32 am

Yes you have a rootkit like I expected.

Please continue with my combofix instructions next :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 128 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware