Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My logfile hopefully thee a solution

Re: My logfile hopefully thee a solution

by jason590 » March 7th, 2010, 1:54 am

Scratch that last post. I managed to get it back to Windows Update and I ran Dial-a-Fix again and then Windows Update, but it still gets stuck. I ran RSIT again and this is what I got:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Jason at 2010-03-07 00:52:19
Microsoft Windows XP Professional Service Pack 2
System drive C: has 84 GB (88%) free of 95 GB
Total RAM: 894 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:34 AM, on 3/7/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7928999375
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 6141 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-11 344064]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-07 761946]
"Toshiba Hotkey Utility"=c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe [2006-08-01 1773568]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-11-18 1243088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-09 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-12 47104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1161249244\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1161249244\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2d76773-33c7-11db-bd96-806d6172696f}]
shell\play\command - "C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1


======File associations======

.js - edit - C:\WINDOWS\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-07 00:37:05 ----D---- C:\WINDOWS\LastGood
2010-03-07 00:37:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-03-07 00:37:05 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-03-07 00:36:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-06 23:50:50 ----D---- C:\0ffa8295fed5463710cc703edb445962
2010-02-27 15:29:49 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-26 12:03:48 ----D---- C:\Program Files\trend micro
2010-02-26 12:03:45 ----D---- C:\rsit
2010-02-19 02:33:23 ----D---- C:\7a394de4b151676264c676
2010-02-19 02:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-19 02:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-19 02:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-19 02:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-19 02:28:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-19 02:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-19 02:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-19 02:27:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-19 02:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-19 02:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-19 02:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-19 02:25:21 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-02-15 09:50:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-15 09:50:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-15 09:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-15 09:50:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-15 09:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-15 09:49:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-15 09:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-15 09:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-15 09:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-15 09:49:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-15 09:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-15 09:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-15 09:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2010-02-15 09:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-15 09:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-15 09:47:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-15 09:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-12 02:22:28 ----D---- C:\Documents and Settings\Jason\Application Data\AVG8
2010-02-12 01:53:26 ----D---- C:\e602ab995ef4fda1814289b532e34f
2010-02-08 02:56:04 ----D---- C:\Documents and Settings\Jason\Application Data\Adobe

======List of files/folders modified in the last 1 months======

2010-03-07 00:52:35 ----D---- C:\WINDOWS\Temp
2010-03-07 00:52:25 ----D---- C:\Program Files\Spyware Doctor
2010-03-07 00:39:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-07 00:37:05 ----HD---- C:\WINDOWS\inf
2010-03-07 00:37:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-07 00:37:05 ----D---- C:\WINDOWS\system32
2010-03-07 00:37:05 ----D---- C:\WINDOWS
2010-03-07 00:22:38 ----D---- C:\WINDOWS\Registration
2010-03-07 00:20:17 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2010-03-06 21:31:39 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-06 21:31:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-06 21:27:38 ----SHD---- C:\WINDOWS\Installer
2010-02-27 15:29:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-27 15:29:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-26 12:03:48 ----D---- C:\Program Files
2010-02-19 02:36:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-19 02:30:58 ----D---- C:\WINDOWS\system32\drivers
2010-02-19 02:25:44 ----D---- C:\WINDOWS\Prefetch
2010-02-19 02:25:20 ----D---- C:\WINDOWS\Debug
2010-02-19 02:21:40 ----D---- C:\WINDOWS\system32\wbem
2010-02-15 09:48:47 ----D---- C:\Program Files\Windows Media Player
2010-02-12 03:14:56 ----SD---- C:\Documents and Settings\Jason\Application Data\Microsoft
2010-02-12 02:33:02 ----D---- C:\WINDOWS\WinSxS
2010-02-08 02:55:51 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-09 36096]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.7.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-02-07 21035]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-18 1155584]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-12 1414656]
R3 BoiHwsetup;Access 32bits INT15 routine; C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 5504]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver; C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 31872]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver; C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 7936]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-07 193056]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-09 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-09 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-09 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-09-26 36864]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-12 393216]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
R3 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-11-12 70928]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-09 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]

-----------------EOF-----------------
jason590
Active Member
 
Posts: 12
Joined: February 12th, 2010, 4:07 am

Re: My logfile hopefully thee a solution

by shinybeast » March 7th, 2010, 1:05 pm

Hi Jason,

Was the shut down issue you had before a one time thing or is it always like that?

Have you purchased Spyware Doctor with Anti-Virus or is it the free version?

Other than computer running slow and update issues, what other symptoms have you noticed, if any?

Let's try a couple of things to perhaps rule them out.


Check Hard Disk for Errors

Copy the following command in the code box.

Code:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"


Click Start, click Run... and paste the above command in the Open: field, then click OK.

A black command window will open while the error checking is performed.
Once it closes, locate the checkhd.txt file on your desktop and post the contents of it in your next reply.


Let's see if the computer will get through an online scan.

Panda Online Scan

Please visit Panda Active Scan with Firefox to run an online scan.
  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Click Install button and follow the instructions to install the plug-in.
  • Click Continue after the plug-in is installed. Then it will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and press Ctrl+V to paste the log in your reply

Please post the contents of checkhd.txt and the results of the Panda scan along with answers to my questions in your next reply.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: My logfile hopefully thee a solution

by jason590 » March 9th, 2010, 2:19 am

checkhd
The type of the file system is NTFS.
Volume label is SQ004179P04.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

97683200 KB total disk space.
12313536 KB in 46995 files.
13188 KB in 3863 indexes.
0 KB in bad sectors.
121600 KB in use by the system.
65536 KB occupied by the log file.
85234876 KB available on disk.

4096 bytes in each allocation unit.
24420800 total allocation units on disk.
21308719 allocation units available on disk.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-09 01:17:09
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Spyware Doctor with AntiVirus 7.0.0.92 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
02164907 Generic Malware Virus/Trojan No 0 Yes No c:\system volume information\_restore{adae5f4d-3a8f-42f7-8894-d60087ad60b2}\rp1\a0003375.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
217842 HIGH MS10-015
217169 HIGH MS10-002
215938 HIGH MS09-072
214074 HIGH MS09-057
214071 HIGH MS09-054
212494 HIGH MS09-042
212493 HIGH MS09-041
212530 HIGH MS09-034
210618 HIGH MS09-019
208380 HIGH MS09-015
208379 HIGH MS09-014
206981 HIGH MS09-007
203806 HIGH MS08-078
203508 HIGH MS08-073
201258 HIGH MS08-066
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
194861 HIGH MS08-031
194860 HIGH MS08-030
191617 HIGH MS08-024
191613 HIGH MS08-020
187735 HIGH MS08-010
187733 HIGH MS08-008
182048 HIGH MS07-069
182046 HIGH MS07-067
179553 HIGH MS07-061
176382 HIGH MS07-057
170911 HIGH MS07-050
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
123421 HIGH MS06-036
120815 HIGH MS06-022
120814 HIGH MS06-021
;===================================================================================================================================================================================
jason590
Active Member
 
Posts: 12
Joined: February 12th, 2010, 4:07 am

Re: My logfile hopefully thee a solution

by shinybeast » March 9th, 2010, 7:35 pm

Hi Jason,


Let's run chkdsk again.

  • Click Start, click Run... , type chkdsk /f and press Enter (note the space between chkdsk and /f in the command).
  • A black window will open with text saying that chkdsk cannot be run and asking if you would like to schedule a check.
  • Type Y and press Enter.
  • Reboot the computer and chkdsk will run before Windows loads.
  • Note: Do not touch either the keyboard or mouse as the disk check may be canceled and the computer will load the desktop without running the check.

Please answer these questions from my previous post.

Was the shut down issue you had before a one time thing or is it always like that?

Have you purchased Spyware Doctor with Anti-Virus or is it the free version?

Other than computer running slow and update issues, what other symptoms have you noticed, if any?
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: My logfile hopefully thee a solution

by jason590 » March 10th, 2010, 4:42 am

The shut down thing is still going on. It's the one thing I hope can get fixed.

Spyware Doctor is purchased.

Not much else other than running slow, not being able to update, and the shut down/restart issue.

I tried doing the check disk but it didn't do anything when I restarted it. I think it's because I can't shut down Windows properly.

And also the Panda scan said I had an infection and vulnerabilities. Should I be concerned with that?
jason590
Active Member
 
Posts: 12
Joined: February 12th, 2010, 4:07 am

Re: My logfile hopefully thee a solution

by shinybeast » March 10th, 2010, 8:25 pm

Hi Jason,

Panda scan said I had an infection and vulnerabilities. Should I be concerned with that?


The "vulnerabilities" are from not having Service Pack 3 and other updates.
The "infection" is just a file in the restore points, most likely GMER that I had you run earlier. Whatever it is, it is not active and is nothing to worry about. Your computer appears to be free of malware.


As for the shutdown issue, this can be caused by many things. The first thing to check is the Device Manager (Start > Run... > type devmgmt.msc and press Enter) and see if there are any devices that have an exclamation point next to them. If there are, you could have a hardware or driver issue that needs to be addressed.

It might be caused by updates that didn't install correctly.

If Device Manager looks good (no devices flagged), then you might try downloading SP3 from here and try applying that.


Before you do that, I recommend consulting another forum which will provide better assistance with this problem, as this is not my strength.


I suggest you try one of these sites and post in the appropriate forum.
Registration is free and so is the help.

BleepingComputer.com
The Elder Geek on Windows
What The Tech
Techguy.org


You may delete RSIT and GMER if they are still around.
I wish I could have been of more assistance.

If you have any questions, please let me know.
Otherwise, best of luck and stay safe!
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: My logfile hopefully thee a solution

by Katana » March 13th, 2010, 3:24 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester