
HJT log - "System administrator disabled the display control panel"

Discussion in 'Virus & Other Malware Removal' started by ttthomas, Aug 11, 2009.

  1. ttthomas

    ttthomas Thread Starter

    Joined:
    Aug 11, 2009
    Messages:
    3
    I have been searching for the causes of this problem. When I right-click on my desktop it says "administrator disabled the display control panel." Also, by the clock on this computer it used to read "Virus Alert!" so I'm positive there is/was some type of infection. I ran McAfee On Demand Virus scan and it found 17 problems and either cleaned/deleted them, but the computer is still acting weird. Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:54, on 8/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\TODDSrv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Cox High Speed Internet
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
    O2 - BHO: QWProtectBHO - {6AB37108-7433-4a04-B49C-4AC3D971E102} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: nqgpedlr - {AB802BE5-5918-4875-954F-C878E08FC60E} - (no file)
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lphc3wgj0e72g] C:\WINDOWS\system32\lphc3wgj0e72g.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-2953482505-3245152387-3725105975-1007\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'postgres')
    O4 - HKUS\S-1-5-21-2953482505-3245152387-3725105975-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
    O4 - Startup: GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\N DOG\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\N DOG\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O21 - SSODL: axrfgvek - {E1BD8931-CC71-4A25-93E8-382919256EE0} - (no file)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 10279 bytes
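As an added defender's example (not code from the thread or from HijackThis itself), the script below parses lines in the HJT format shown above and flags the kinds of entries this thread turned on: the O6 policy restriction behind the "administrator disabled" message, the O21 SSODL and O4 Run entries with missing files or random-looking names, and the O24 desktop component. The rules are assumed heuristics and the sample lines are copied from the posted log.

```python
"""Triage a HijackThis (HJT) log for the kinds of entries this thread turned on.

Added example, not part of the original thread or of HijackThis itself.
The rules below are defender-side heuristics (assumptions); the sample
lines are copied from the log posted above.
"""
import re
from typing import List, Tuple

# Constructed sample: a subset of the HJT log posted in the thread.
SAMPLE_LOG = """\
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: QWProtectBHO - {6AB37108-7433-4a04-B49C-4AC3D971E102} - (no file)
O3 - Toolbar: nqgpedlr - {AB802BE5-5918-4875-954F-C878E08FC60E} - (no file)
O4 - HKLM\\..\\Run: [ehTray] C:\\WINDOWS\\ehome\\ehtray.exe
O4 - HKLM\\..\\Run: [lphc3wgj0e72g] C:\\WINDOWS\\system32\\lphc3wgj0e72g.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O21 - SSODL: axrfgvek - {E1BD8931-CC71-4A25-93E8-382919256EE0} - (no file)
O23 - Service: OneStep Search Service - Unknown owner - C:\\Program Files\\OneStepSearch\\onestep.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\\WINDOWS\\privacy_danger\\index.htm
"""

# HJT lines look like "<section> - <payload>", e.g. "O4 - HKLM\..\Run: [name] path".
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Value name of a Run-key entry: the text in square brackets after "\Run:".
RUN_NAME_RE = re.compile(r"\\Run: \[([^\]]+)\]")

# Reason labels (constructed for this example).
RESTRICTION = "policy restriction present (fits the 'administrator disabled' symptom)"
SSODL = "ShellServiceObjectDelayLoad entry (loads into explorer.exe at logon)"
DESKTOP_COMPONENT = "Active Desktop component pointing at a local HTML file"
DANGLING = "dangling registration (target file missing)"
RANDOM_NAME = "random-looking autorun name"


def looks_random(name: str) -> bool:
    """Heuristic (assumption): long value names with digits scattered between
    letters, e.g. 'lphc3wgj0e72g', rather than one trailing number like 'hpqtra08'."""
    return len(name) >= 10 and len(re.findall(r"\d+", name)) >= 2


def classify(section: str, body: str) -> str:
    """Return the first matching reason for an HJT entry, or '' if nothing stands out."""
    if section == "O6":
        return RESTRICTION
    if section == "O21":
        return SSODL
    if section == "O24" and "file:///" in body.lower():
        return DESKTOP_COMPONENT
    if "(no file)" in body or "(file missing)" in body:
        return DANGLING
    if section == "O4":
        m = RUN_NAME_RE.search(body)
        if m and looks_random(m.group(1)):
            return RANDOM_NAME
    return ""


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Parse an HJT log and return (section, reason, line) for each flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        reason = classify(section, body)
        if reason:
            findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}\n     {line}")
```

Flagged entries still need a human decision; the script only orders the log so the entries a helper would ask about first come out on top.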
     
  2. ttthomas

    ttthomas Thread Starter

    Joined:
    Aug 11, 2009
    Messages:
    3
    bump. plz help
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, welcome to TSG!!

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System



    Download the file & save it as it's originally named.


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.



    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.



    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt in your next reply.
     
  4. ttthomas

    ttthomas Thread Starter

    Joined:
    Aug 11, 2009
    Messages:
    3
    Here is the log. Thanks so much.

    ComboFix 09-08-10.06 - N DOG 08/18/2009 2:12.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.100 [GMT -7:00]
    Running from: c:\documents and settings\N DOG\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\N DOG\Desktop\WinXP_EN_HOM_BF.EXE
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\N1
    c:\documents and settings\N DOG\Application Data\QUAD Backups
    c:\documents and settings\N DOG\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
    c:\documents and settings\N DOG\Local Settings\Temporary Internet Files\ijjistarter2.exe
    c:\documents and settings\N DOG\Start Menu\Programs\QUAD Utilities
    c:\documents and settings\N DOG\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
    c:\documents and settings\N DOG\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
    c:\documents and settings\N DOG\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
    c:\windows\kb913800.exe
    c:\windows\privacy_danger
    c:\windows\privacy_danger\images\capt.gif
    c:\windows\privacy_danger\images\danger.jpg
    c:\windows\privacy_danger\images\down.gif
    c:\windows\privacy_danger\images\spacer.gif
    c:\windows\system32\TDSSsihc.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWCWORKSTATION
    -------\Legacy_ONESTEP_SEARCH_SERVICE
    -------\Legacy_TDSSserv.sys
    -------\Service_NWCWorkstation
    -------\Service_OneStep Search Service
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
    .

    2009-08-12 09:41 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-11 20:53 . 2009-08-11 20:53 -------- d-----w- c:\program files\Trend Micro
    2009-08-11 20:45 . 2009-08-11 20:45 -------- d--h--w- c:\windows\system32\GroupPolicy
    2009-08-11 11:40 . 2009-08-11 14:24 -------- d-----w- C:\QUARANTINE
    2009-08-11 11:20 . 2009-08-11 11:20 -------- d-----w- c:\program files\Common Files\Cisco Systems
    2009-08-11 11:20 . 2007-10-25 22:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
    2009-08-11 11:20 . 2008-10-07 03:50 34344 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-08-11 11:19 . 2008-10-07 03:50 64488 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2009-08-11 11:19 . 2008-10-07 03:50 72904 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-08-11 11:19 . 2008-10-07 03:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys
    2009-08-11 11:19 . 2008-10-07 03:50 177672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-08-11 11:18 . 2009-08-11 11:18 -------- d-----w- c:\program files\Common Files\McAfee
    2009-08-08 14:36 . 2009-08-08 14:36 -------- d-----w- c:\documents and settings\N DOG\Application Data\TeamViewer
    2009-08-08 14:36 . 2009-08-08 14:36 -------- d-----w- c:\documents and settings\N DOG\temp
    2009-08-07 20:43 . 2009-08-07 20:43 131 ----a-w- c:\program files\AutoUpdate.dat
    2009-08-06 21:10 . 2009-08-06 22:31 -------- d-----w- C:\HMArchive
    2009-08-06 21:09 . 2009-08-06 21:09 -------- d-----w- c:\documents and settings\N DOG\Local Settings\Application Data\Xenocode
    2009-08-06 21:08 . 2009-08-06 21:08 -------- d-----w- c:\documents and settings\N DOG\Local Settings\Application Data\IsolatedStorage
    2009-08-06 21:08 . 2009-08-06 21:08 29926 ----a-r- c:\documents and settings\N DOG\Application Data\Microsoft\Installer\{42DE940E-8037-4266-9FBF-5A3AEDA39E96}\_47FD7F112FA437019807FA.exe
    2009-08-06 21:08 . 2009-08-06 21:08 29926 ----a-r- c:\documents and settings\N DOG\Application Data\Microsoft\Installer\{42DE940E-8037-4266-9FBF-5A3AEDA39E96}\_442955DD8D4B74CBA939C5.exe
    2009-08-06 21:08 . 2009-08-06 21:08 -------- d-----w- c:\program files\RVG Software
    2009-08-06 10:28 . 2009-08-06 10:28 -------- d-----w- c:\windows\system32\XPSViewer
    2009-08-06 10:27 . 2009-08-06 10:27 -------- d-----w- c:\program files\MSBuild
    2009-08-06 10:26 . 2009-08-06 10:26 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-06 10:22 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-08-06 10:22 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-06 10:22 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-06 10:22 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-06 10:22 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-08-06 10:22 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-06 10:22 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-08-06 10:22 . 2009-08-06 10:25 -------- d-----w- C:\301d05d2b2ba94f864
    2009-08-06 10:21 . 2009-08-06 11:05 -------- d-----w- c:\windows\SxsCaPendDel
    2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-08-05 03:31 . 2009-08-18 08:54 -------- d-----w- c:\program files\Absolute Poker
    2009-07-22 23:55 . 2009-07-22 23:53 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-07-22 23:53 . 2009-08-11 11:00 -------- d-----w- c:\documents and settings\N DOG\.housecall6.6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-18 09:26 . 2009-06-21 09:16 -------- d-----w- c:\documents and settings\N DOG\Application Data\Gmote
    2009-08-18 01:26 . 2009-01-28 02:37 -------- d-----w- c:\program files\Full Tilt Poker
    2009-08-16 22:51 . 2007-01-20 00:32 -------- d-----w- c:\program files\PokerStars
    2009-08-12 05:40 . 2006-12-03 19:13 -------- d-----w- c:\program files\XoftSpy
    2009-08-11 11:40 . 2008-12-14 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\1899301891
    2009-08-11 11:20 . 2006-10-19 08:15 -------- d-----w- c:\program files\McAfee
    2009-08-11 11:20 . 2006-10-19 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-08-06 22:15 . 2009-08-06 22:15 -------- d-----w- c:\program files\PostgreSQL
    2009-08-06 21:08 . 2006-10-19 07:04 49696 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-05 09:01 . 2006-10-19 04:52 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:01 . 2006-10-19 04:52 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 17:08 . 2006-10-19 04:54 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-26 16:50 . 2006-10-19 04:53 666624 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2006-10-19 04:52 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-25 08:25 . 2006-10-19 04:53 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2006-10-19 04:53 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2006-10-19 04:53 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2006-10-19 04:52 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:25 . 2006-10-19 04:52 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2006-10-19 04:52 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2006-10-19 04:52 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-24 04:48 . 2009-06-24 04:48 -------- d-----w- c:\documents and settings\N DOG\Application Data\vlc
    2009-06-21 09:16 . 2009-06-21 09:16 -------- d--h--w- c:\program files\InstallJammer Registry
    2009-06-21 09:16 . 2009-06-21 09:16 -------- d-----w- c:\program files\GmoteServer
    2009-06-16 14:36 . 2006-10-19 04:53 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2006-10-19 04:52 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-12 12:31 . 2006-10-19 04:53 80896 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-12 12:31 . 2006-10-19 04:53 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-12 03:47 . 2009-06-12 03:47 390664 ----a-w- c:\documents and settings\N DOG\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
    2009-06-10 16:19 . 2006-10-19 05:17 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 14:13 . 2006-10-19 04:52 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 06:14 . 2006-10-19 04:53 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:09 . 2006-10-19 04:53 1291264 ------w- c:\windows\system32\quartz.dll
    2009-05-25 08:08 . 2009-05-25 08:09 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-25 08:08 . 2009-05-25 08:08 152576 ----a-w- c:\documents and settings\N DOG\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
    "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-05 198160]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-09-06 16262656]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-18 89541]
    "CFSServ.exe"="CFSServ.exe" [BU]
    "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
    "NDSTray.exe"="NDSTray.exe" [BU]

    c:\documents and settings\N DOG\Start Menu\Programs\Startup\
    GmoteServer.lnk - c:\program files\GmoteServer\GmoteServer.exe [2009-6-21 451584]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-10-18 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Documents and Settings\\N DOG\\My Documents\\My Music\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [3/13/2009 05:50 AM 65536]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-lphc3wgj0e72g - c:\windows\system32\lphc3wgj0e72g.exe
    SSODL-axrfgvek-{E1BD8931-CC71-4A25-93E8-382919256EE0} - (no file)
    Notify-NavLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-18 02:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(616)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3008)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\acs.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\McAfee\Common Framework\Mctray.exe
    c:\program files\Java\jre6\bin\javaw.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-18 2:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-18 09:34

    Pre-Run: 41,362,550,784 bytes free
    Post-Run: 41,518,944,256 bytes free

    WinXP_EN_HOM_BF.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    291 --- E O F --- 2009-08-13 11:25
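A small triage helper for the process list in the ComboFix report above. This is an added example and is not part of the thread or of ComboFix itself: it parses the "Other Running Processes" section, groups each path by its directory so repeated launchers (like the postgres.exe workers above) collapse into one line, and flags anything running from outside the directories a stock XP install normally executes from, or a well-known system binary name living outside %SystemRoot%. The sample log text is constructed from a few lines quoted in the thread plus one made-up suspicious entry under a user profile so that the flagging logic has something to catch; the directory list and system-name list are assumptions for illustration, not a ComboFix feature.

```python
"""Triage the 'Other Running Processes' section of a ComboFix log (added example)."""
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the thread's process list plus one
# hypothetical entry under a user profile, which is the case we want to flag.
SAMPLE_LOG = """\
------------------------ Other Running Processes ------------------------
.
c:\\windows\\system32\\ati2evxx.exe
c:\\program files\\McAfee\\VirusScan Enterprise\\mcshield.exe
c:\\toshiba\\IVP\\swupdate\\swupdtmr.exe
c:\\program files\\PostgreSQL\\8.3\\bin\\postgres.exe
c:\\program files\\PostgreSQL\\8.3\\bin\\postgres.exe
c:\\documents and settings\\user\\local settings\\temp\\svchost.exe
.
**************************************************************************
.
Completion time: 2009-08-18 2:34 - machine was rebooted
"""

# ComboFix section banners look like "---- Title ----"; the "- - - > 'proc'" lines do not match.
SECTION_RE = re.compile(r"^-+\s*(.*?)\s*-+$")

# Assumed list of roots a clean XP box legitimately runs code from.
# Anything else is not necessarily malicious, just worth a second look.
EXPECTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\toshiba\\",  # OEM tools present on this particular machine
)

# Well-known system binary names; outside %SystemRoot% they are a classic masquerade.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}


def parse_processes(log_text, section="Other Running Processes"):
    """Return the lowercased paths listed under the named ComboFix section."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            in_section = m.group(1).lower() == section.lower()
            continue
        if line.startswith("****"):  # end-of-report banner closes every section
            in_section = False
        if not in_section or line in ("", "."):
            continue
        paths.append(line.lower())
    return paths


def triage(paths):
    """Group paths by directory and flag unusual locations or masquerading names."""
    by_dir = defaultdict(int)
    flagged = []
    for p in paths:
        directory, name = p.rsplit("\\", 1)
        by_dir[directory] += 1
        outside = not p.startswith(EXPECTED_ROOTS)
        masquerade = name in SYSTEM_NAMES and not p.startswith("c:\\windows\\")
        if outside or masquerade:
            flagged.append(p)
    return dict(by_dir), flagged


if __name__ == "__main__":
    dirs, suspicious = triage(parse_processes(SAMPLE_LOG))
    for d, n in sorted(dirs.items()):
        print(f"{n:2d}  {d}")
    print("flagged:", suspicious)
```

Paste a real ComboFix report into `SAMPLE_LOG` (or read it from a file) and the flagged list gives you the handful of entries to look up, rather than eyeballing forty paths; a name like svchost.exe under a temp directory is exactly the pattern that the HJT and ComboFix reviewers in this forum hunt for by hand.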
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    Download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.


    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u14-windows-i586-p.exe and select "Run as an Administrator".)
     
Short URL to this thread: https://techguy.org/851434