Trojan: 2nd-thought.com


Post by smayracing92 on 3rd December 2010, 6:42 am

Hello,
My computer (a Toshiba laptop running Windows Vista) is apparently infected with a trojan called 2nd-thought.com, according to a scan at Best Buy Geek Squad. I run Trend Micro Internet Security and it's not coming off. It doesn't even find it in the scan. The computer shuts off and powers itself down sometimes. Sometimes it just blanks out the screen and has to be rebooted. It has been running slower recently as well. Of course the Geek Squad wants $200.00, which I don't have, to fix or reformat it, so I'm looking for help from you guys if you can. Any help here would be appreciated.

Thanks,

Bryan

I ran OTL:
OTL logfile created on: 12/2/2010 8:16:05 PM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 48.91 Gb Free Space | 33.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/14 21:10:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/09/06 01:52:30 | 000,715,440 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2010/01/25 23:40:54 | 000,278,648 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
PRC - [2010/01/25 23:40:32 | 001,020,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/12/08 17:28:34 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/12/08 17:28:34 | 000,497,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/12/08 17:28:33 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/15 14:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/15 13:58:02 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/08/09 18:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/01 13:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/06/15 20:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/05/22 15:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/03/29 09:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 09:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/02/25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 17:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 21:10:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2010/08/31 07:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008/01/18 22:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/06 01:52:30 | 000,715,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/08 17:28:34 | 000,689,416 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/12/08 17:28:34 | 000,497,008 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/12/08 17:28:33 | 000,345,352 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/01 13:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 09:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 16:50:26 | 000,063,096 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 16:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 17:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/07/30 09:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 09:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 09:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/19 10:03:10 | 000,059,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 10:03:00 | 000,051,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 10:02:54 | 000,163,408 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2009/12/08 17:28:43 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/12/08 17:28:43 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/12/08 17:28:43 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/12/27 14:24:53 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2007/08/15 16:03:36 | 000,190,384 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/08/10 12:49:16 | 001,941,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/01 13:37:20 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/27 22:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/01 12:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/04/30 12:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/03/21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/03 00:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 14:32:28 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 14:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/05 21:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.4
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/05/04 14:20:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 20:26:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/02 20:04:52 | 000,000,000 | ---D | M]

[2010/05/12 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2010/05/12 19:58:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/02 20:06:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\extensions
[2010/05/19 07:37:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 14:31:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/05/12 10:27:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\extensions\firebug@software.joehewitt(49).com
[2010/05/19 08:46:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\extensions\firebug@software.joehewitt.com
[2010/12/02 20:05:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 20:05:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/02 20:04:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/12/22 21:05:11 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\Pictures\Christmas\2009\kids\DSC03327a.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\Pictures\Christmas\2009\kids\DSC03327a.jpg
O30 - LSA: Authentication Packages - (ft Co) - File not found
O30 - LSA: Security Packages - (84-1336111360-1000) - File not found
O30 - LSA: Security Packages - (㭐ꆑ&) - File not found
O30 - LSA: Security Packages - (竸) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0422358f-2555-11de-90f5-00a0d1846325}\Shell - "" = AutoRun
O33 - MountPoints2\{0422358f-2555-11de-90f5-00a0d1846325}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{314eff82-0861-11de-97b7-00a0d1846325}\Shell - "" = AutoRun
O33 - MountPoints2\{314eff82-0861-11de-97b7-00a0d1846325}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3eb721f2-d5a5-11dd-b06c-00a0d1846325}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: TOSCDSPD - hkey= - key= - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.YVU9 - iyvu9_32.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 20:08:43 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\JavaRa
[2010/12/02 20:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/12/02 20:04:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/12/02 20:04:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/12/02 20:04:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/12/02 20:04:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/23 09:08:55 | 000,000,000 | ---D | C] -- C:\9776b502a9b2a00e8c13b870847be51b
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/02 20:21:16 | 003,145,728 | -HS- | M] () -- C:\Users\User\ntuser.dat
[2010/12/02 20:04:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/12/02 20:04:14 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/12/02 20:04:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/12/02 20:04:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/12/02 19:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-80849235-3126909984-1336111360-1000UA.job
[2010/12/02 19:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/02 19:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/02 17:10:13 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 17:10:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/02 17:02:50 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/02 17:02:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/12/02 17:02:36 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/02 11:02:16 | 000,524,288 | -HS- | M] () -- C:\Users\User\ntuser.dat{7eca8bff-d54f-11df-adb2-001644188894}.TMContainer00000000000000000001.regtrans-ms
[2010/12/02 11:02:16 | 000,065,536 | -HS- | M] () -- C:\Users\User\ntuser.dat{7eca8bff-d54f-11df-adb2-001644188894}.TM.blf
[2010/12/01 21:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-80849235-3126909984-1336111360-1000Core.job
[2010/12/01 18:21:43 | 000,135,168 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/01 18:14:46 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/01 18:14:46 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/01 18:14:45 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/12/01 17:25:06 | 123,471,683 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/01 14:57:52 | 002,240,547 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/11/30 09:12:56 | 000,259,125 | ---- | M] () -- C:\Users\User\Desktop\Mafia Wars.xlsx
[2010/11/21 23:21:52 | 000,043,980 | ---- | M] () -- C:\Users\User\Desktop\Master Coin List.xlsx
[2010/11/04 15:38:33 | 000,002,048 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2010/11/04 15:38:33 | 000,002,010 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 14:49:22 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2009/12/08 17:28:43 | 000,163,408 | ---- | C] () -- C:\Windows\System32\drivers\tmcomm.sys
[2009/12/08 17:28:43 | 000,059,472 | ---- | C] () -- C:\Windows\System32\drivers\tmactmon.sys
[2009/12/08 17:28:43 | 000,051,792 | ---- | C] () -- C:\Windows\System32\drivers\tmevtmgr.sys
[2009/11/03 17:02:08 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/04 16:12:56 | 000,000,029 | ---- | C] () -- C:\ProgramData\counter.cfg
[2009/05/04 13:40:01 | 000,003,566 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/12/01 17:34:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/11/17 09:39:38 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2008/11/09 15:57:35 | 000,135,168 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/22 12:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/22 12:18:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/22 12:18:54 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/22 12:18:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/22 12:18:54 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/22 12:18:54 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/22 12:18:54 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/22 11:49:10 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/22 11:49:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/22 11:49:10 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/22 11:49:10 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/22 11:45:08 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/27 22:26:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/12/05 12:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 04:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/10/17 13:55:18 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp696.dll
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/10/28 10:24:10 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/11/03 19:04:48 | 000,000,286 | -HS- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/09/14 21:10:15 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/10/28 20:26:11 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/10/28 20:26:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/10/28 20:26:13 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/10/28 20:26:13 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/10/27 16:24:33 | 000,000,402 | -HS- | M] () -- C:\Users\User\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/05/04 16:12:56 | 000,000,029 | ---- | M] () -- C:\ProgramData\counter.cfg
[2010/10/26 20:37:38 | 000,003,566 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/19 10:03:10 | 000,059,472 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\tmactmon.sys
[2010/07/19 10:02:54 | 000,163,408 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\tmcomm.sys
[2010/07/19 10:03:00 | 000,051,792 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\tmevtmgr.sys

< %systemroot%\System32\config\*.sav >
[2007/08/22 11:24:17 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/08/22 11:24:15 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/08/22 11:24:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/08/22 11:24:27 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/08/22 11:24:29 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/01 23:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/18 22:43:00 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/01 23:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/01 23:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/01 23:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/01 23:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/01 23:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/01 23:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/01 23:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/01 23:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/01 23:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/01 23:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/01 23:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/01 23:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/01 23:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/01 23:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/08/31 05:39:46 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2007/07/27 21:41:46 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/10/17 13:55:18 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp696.dll
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/18 22:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/08/22 11:24:31 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/12/22 21:05:02 | 000,214,518 | ---- | M] () -- C:\coreuninstall.log
[2010/12/02 17:02:36 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/04 12:01:33 | 000,000,164 | ---- | M] () -- C:\install.dat
[2008/12/01 17:34:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/01 17:34:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/02 17:02:34 | 2325,024,768 | -HS- | M] () -- C:\pagefile.sys
[2009/12/22 21:05:11 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2009/12/22 21:05:11 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2010/09/14 21:08:35 | 000,000,453 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2010/07/25 17:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2009/05/20 13:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/09/05 10:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/08/22 11:30:01 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2007/08/22 12:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/07/25 18:53:00 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2010/07/23 09:59:47 | 000,000,000 | ---D | M] -- C:\Program Files\Barbie(R) idesign(TM) Ultimate Stylist(TM)
[2010/07/27 16:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/05 10:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/12/01 17:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2009/01/05 17:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2010/09/08 21:34:31 | 000,000,000 | ---D | M] -- C:\Program Files\FreeOnlineRadioPlayerRecorder
[2010/09/19 11:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/05/04 13:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/07/25 17:48:28 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/07/01 19:42:15 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/14 08:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/08/22 12:18:53 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/08/22 12:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2010/12/02 20:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/11 08:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2007/08/22 11:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2010/07/23 18:20:21 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/23 05:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2009/04/26 12:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/10/27 15:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/01 16:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/12 07:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 05:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 11:44:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/28 20:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/11/25 17:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 CD Converter Professional
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/08/22 10:57:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/09/08 21:35:16 | 000,000,000 | ---D | M] -- C:\Program Files\Music Editor Free
[2009/02/24 11:44:21 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2010/09/25 16:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/05/19 13:15:29 | 000,000,000 | ---D | M] -- C:\Program Files\Qwest
[2007/08/22 11:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008/10/27 15:20:54 | 000,000,000 | ---D | M] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/08/22 11:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2008/10/27 15:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2010/07/01 19:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games
[2007/08/22 12:07:20 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Registration
[2009/12/08 17:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/12/02 09:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro(TM) AntiVirus
[2007/08/22 12:15:29 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 05:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/01 19:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2008/12/29 04:46:28 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2007/08/22 11:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Winbond Electronics Corporation
[2008/10/28 10:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/10/28 10:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/07/21 13:57:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/10/28 10:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/11/12 09:28:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2007/08/22 12:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/10/14 08:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 04:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/10/28 10:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/10/28 10:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


smayracing92
Novice

Posts: 37
Joined: 2010-07-24
Gender: Male
OS: Vista
Protection: Trend-Micro Internet Security
Points: 23785
# Likes: 0


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 3rd December 2010, 6:44 am

< %appdata%\*.* >
[2008/11/17 09:39:38 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/28 08:25:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/10/28 08:25:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/10/28 08:25:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/10 22:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/18 22:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/18 22:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 22:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 01:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2006/11/09 14:31:46 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\drivers\KR10N.sys
[2006/11/09 14:31:46 | 000,211,072 | R--- | M] (TOSHIBA CORPORATION) MD5=6A4ADB9186DD0E114E623DAF57E42B31 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_c681c175\KR10N.sys
[2007/01/03 00:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) MD5=A1963360E74931222A67356C8AD48378 -- C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/08/22 11:28:01 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2007/08/22 11:28:01 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2007/08/22 11:28:01 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/18 20:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/18 20:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/18 20:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 20:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 00:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-30 17:03:35

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

smayracing92
Novice
Novice

Posts Posts : 37
Joined Joined : 2010-07-24
Gender Gender : Male
OS OS : Vista
Protection Protection : Trend-Micro Internet Security
Points Points : 23785
# Likes # Likes : 0

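The `< MD5 for: … >` sections of the OTL log above list every copy of a system file that OTL found (the live copy under System32, plus the reference copies in DriverStore, winsxs and pending updates) together with its MD5. That is how a helper spots a patched system file: a live driver whose hash matches none of its reference copies. As an added example, not code from the original post or from OTL itself, here is a small Python parser that groups those entries and flags exactly that mismatch. The SCECLI.DLL and USBSTOR.SYS lines are copied from the log above; the CONSTRUCTED.SYS section and its hashes are made up to show a flagged case.

```python
"""Parse the '< MD5 for: NAME >' sections of an OTL log and flag a live copy
of a system file whose MD5 matches none of the reference copies.

Added example; it is not code from the forum post or from OTL. The
CONSTRUCTED.SYS section below is invented to show a flagged entry.
"""
import re
from collections import defaultdict

# Section header, e.g. "< MD5 for: USBSTOR.SYS >"
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")

# Entry line shape: [date time | size | attrs | M] (Company) MD5=HEX -- PATH
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Locations that hold reference copies rather than the copy Windows actually loads.
BACKUP_MARKERS = ("\\driverstore\\", "\\winsxs\\", "\\softwaredistribution\\")


def is_live_copy(path):
    """True for the copy under System32 (or System32\\drivers) that the OS loads."""
    p = path.lower()
    return "\\system32\\" in p and not any(marker in p for marker in BACKUP_MARKERS)


def parse_md5_sections(text):
    """Return {file name (lower-case): [entry, ...]} for every MD5 section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append({
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
                "company": entry.group("company"),
                "size": int(entry.group("size").replace(",", "")),
            })
    return dict(sections)


def find_unmatched_live_copies(sections):
    """Return (name, path, md5) for each live copy whose hash no reference copy shares."""
    findings = []
    for name, entries in sections.items():
        backup_hashes = {e["md5"] for e in entries if not is_live_copy(e["path"])}
        for e in entries:
            if is_live_copy(e["path"]) and e["md5"] not in backup_hashes:
                findings.append((name, e["path"], e["md5"]))
    return findings


def analyze(text):
    """Parse the log text and return the list of flagged live copies."""
    return find_unmatched_live_copies(parse_md5_sections(text))


# Sample input: two sections copied from the OTL log in this thread, plus one
# constructed section (CONSTRUCTED.SYS) whose hashes are invented.
SAMPLE_OTL = r"""
< MD5 for: SCECLI.DLL >
[2008/01/18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2007/08/22 11:28:01 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2008/01/18 20:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/18 20:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/18 20:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS

< MD5 for: CONSTRUCTED.SYS >
[2008/01/18 20:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\System32\drivers\CONSTRUCTED.SYS
[2008/01/18 20:53:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\winsxs\x86_constructed.inf_placeholder\CONSTRUCTED.SYS
"""

if __name__ == "__main__":
    for name, path, md5 in analyze(SAMPLE_OTL):
        print(f"{name}: live copy {path} (MD5 {md5}) matches no reference copy")
```

On the real log above, scecli.dll and USBSTOR.SYS both pass because the System32 copy shares its hash with a winsxs or DriverStore copy; only the constructed section is reported. A hash that differs from every reference copy is a lead to verify, not proof by itself: an out-of-band update can produce the same picture, so the next step is to compare the flagged file against a known-good copy of the same version.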

Re: Trojan: 2nd-thought.com

Post by Dr Jay on 3rd December 2010, 5:39 pm

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.] (Click the green button on the page to download it).


Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista, so it will just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14314
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302999
# Likes # Likes : 10


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 4th December 2010, 3:50 am

OK, so I finally got ComboFix to run right, but it never had a place to paste the command into the search box and hit enter: "%userprofile%\desktop\combo-fix.exe" /killall

It opens a blue box and says combo-fix is preparing to start, then starts an automatic scan. Here is the log from that scan. I never saw a place to paste the command above.

Let me know if I did something wrong.

Thanks,

Bryan

ComboFix 10-12-03.01 - User 12/03/2010 19:26:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.1082 [GMT -8:00]
Running from: c:\users\User\Desktop\combo-fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\service
c:\windows\system32\service\01032010_TIS17_SfFniAU.log
c:\windows\system32\service\02042010_TIS17_SfFniAU.log
c:\windows\system32\service\03022010_TIS17_SfFniAU.log
c:\windows\system32\service\05022010_TIS17_SfFniAU.log
c:\windows\system32\service\05062010_TIS17_SfFniAU.log
c:\windows\system32\service\08022010_TIS17_SfFniAU.log
c:\windows\system32\service\12012010_TIS17_SfFniAU.log
c:\windows\system32\service\12032010_TIS17_SfFniAU.log
c:\windows\system32\service\12062010_TIS17_SfFniAU.log
c:\windows\system32\service\13032010_TIS17_SfFniAU.log
c:\windows\system32\service\13122009_TIS17_SfFniAU.log
c:\windows\system32\service\14022010_TIS17_SfFniAU.log
c:\windows\system32\service\17062010_TIS17_SfFniAU.log
c:\windows\system32\service\18062010_TIS17_SfFniAU.log
c:\windows\system32\service\19042010_TIS17_SfFniAU.log
c:\windows\system32\service\22022010_TIS17_SfFniAU.log
c:\windows\system32\service\23032010_TIS17_SfFniAU.log
c:\windows\system32\service\23042010_TIS17_SfFniAU.log
c:\windows\system32\service\23052010_TIS17_SfFniAU.log
c:\windows\system32\service\23062010_TIS17_SfFniAU.log
c:\windows\system32\service\24052010_TIS17_SfFniAU.log
c:\windows\system32\service\25022010_TIS17_SfFniAU.log
c:\windows\system32\service\27062010_TIS17_SfFniAU.log
c:\windows\system32\service\28022010_TIS17_SfFniAU.log
c:\windows\system32\service\28042010_TIS17_SfFniAU.log

.
((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 03:39 . 2010-12-04 03:39 -------- d-----w- c:\users\User\AppData\Local\temp
2010-12-04 03:39 . 2010-12-04 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-04 02:37 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FBCB8EA-EF59-478D-9B60-03BDA36D1F36}\mpengine.dll
2010-12-03 04:04 . 2010-12-03 04:04 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-03 04:04 . 2010-12-03 04:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-23 17:08 . 2010-11-23 17:09 -------- d-----w- C:\9776b502a9b2a00e8c13b870847be51b
2010-11-11 17:07 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-10-02 21:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-10-14 16:09 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-13 16:14 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 17:26 . 2010-10-13 16:15 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-13 16:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-13 16:15 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-13 16:15 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24 . 2010-10-13 16:13 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-13 16:13 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-13 16:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-13 16:13 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-13 16:13 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-03 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-08-10 4702208]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"Skytel"="c:\windows\Skytel.exe" [2007-08-03 1826816]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 19:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2007-05-18 10:43 430080 ----a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-12-09 146448]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 36432]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-12-09 283152]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-12-09 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-12-09 689416]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 00:26]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 00:26]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80849235-3126909984-1336111360-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 00:26]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80849235-3126909984-1336111360-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-03 00:26]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Firebug: [You must be registered and logged in to see this link.] - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\extensions\firebug@software.joehewitt.com
FF - Extension: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\u2ehvuha.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-03 19:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-12-03 19:43:55
ComboFix-quarantined-files.txt 2010-12-04 03:43

Pre-Run: 58,116,276,224 bytes free
Post-Run: 58,114,985,984 bytes free

- - End Of File - - B07EE6D0D2DCCF4FD1AEE00A49EFCD32


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 4th December 2010, 6:31 am

Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 5th December 2010, 6:38 am

I updated and ran the scan. Log file to follow:

Malwarebytes' Anti-Malware 1.50
[You must be registered and logged in to see this link.]

Database version: 5214

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/4/2010 10:32:26 PM
mbam-log-2010-12-04 (22-32-26).txt

Scan type: Quick scan
Objects scanned: 138950
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 6th December 2010, 7:05 pm

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 7th December 2010, 7:13 am


I ran the Eset online scanner and have the log file:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=11e9edc66f0e61489a755c5c946f7ec6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-07 07:09:03
# local_time=2010-12-06 11:09:03 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=513 16777149 100 100 0 30461011 0 0
# compatibility_mode=5892 16776573 100 100 0 128308650 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=137852
# found=1
# cleaned=1
# scan_time=4622
C:\Program Files\Trend Micro\Internet Security\TmpxTmp\htt876A.tmp a variant of Win32/Adware.Gamevance.AJ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 8th December 2010, 8:07 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Dr. Jay (DJ)


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 10th December 2010, 5:39 am

OK, it has been running slow for a while now, mostly online. No error messages or fake antivirus alerts, but the system crashes quite often (like just five min. ago), and the blue screen of death has been happening almost once every three days, although it has been a little bit better recently (last 10 days or so), only a couple of times. And for the first time ever, I don't see svchost.exe at all in the Task Manager screen. Isn't that abnormal?


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 10th December 2010, 7:05 pm

Download WhoCrashed [You must be registered and logged in to see this link.]
This program checks for any drivers which may have been causing your computer to crash.

Click on the file you just downloaded and run it.
Put a tick in Accept, then click on Next.
Put a tick in Don't create a start menu folder, then click Next.
Put a tick in Create a Desktop Icon, then click on Install, and make sure there is a tick in Launch WhoCrashed before clicking Finish.
Click Analyze.
It will want to download the Debugger and install it. Say Yes.

WhoCrashed will create a report, but you have to scroll down to see it.
Copy and paste it into your next reply.


Dr. Jay (DJ)

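A WhoCrashed report, as the reply that follows shows, is one free-text block per crash naming the suspected module, the bugcheck code and the error name, with an extra sentence when a third-party driver was singled out. As an added example, not part of Dr Jay's post or of WhoCrashed itself, here is a Python summariser that parses those blocks, drops the duplicate entry WhoCrashed emits when the same crash is listed from both the minidump and memory.dmp, and counts crashes per module so third-party drivers stand out from crashes attributed to the kernel. The sample text is excerpted from the report posted later in this thread, trimmed to the lines the parser reads.

```python
"""Summarise a WhoCrashed report: one entry per 'your computer crashed' block,
de-duplicated by timestamp and bugcheck code, counted per module and per error.

Added example; not code from the forum post or from WhoCrashed.
"""
import re
from collections import Counter

CRASH_START = re.compile(r"^On .+ your computer crashed$")
FIELDS = {
    "dump": re.compile(r"^crash dump file: (.+)$"),
    "module": re.compile(r"^This was probably caused by the following module: (\S+)"),
    "code": re.compile(r"^Bugcheck code: (0x[0-9A-Fa-f]+)"),
    "error": re.compile(r"^Error: (\S+)"),
}
# WhoCrashed's own wording when it blames a non-Microsoft driver.
THIRD_PARTY_MARK = "A third party driver was identified"


def parse_whocrashed(text):
    """Return one dict per crash block, in report order."""
    crashes, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if CRASH_START.match(line):
            current = {"when": line, "third_party": False}
            crashes.append(current)
            continue
        if current is None:
            continue
        for key, rx in FIELDS.items():
            m = rx.match(line)
            if m:
                current[key] = m.group(1)
        if line.startswith(THIRD_PARTY_MARK):
            current["third_party"] = True
    return crashes


def dedupe(crashes):
    """Keep one entry per (timestamp, bugcheck code): the same crash appears
    twice when both a minidump and memory.dmp exist for it."""
    seen, unique = set(), []
    for c in crashes:
        key = (c["when"], c.get("code"))
        if key not in seen:
            seen.add(key)
            unique.append(c)
    return unique


def summarize(text):
    """Parse, de-duplicate and count; returns a dict of Counters and lists."""
    crashes = dedupe(parse_whocrashed(text))
    return {
        "total": len(crashes),
        "by_module": Counter(c.get("module", "?") for c in crashes),
        "by_error": Counter(c.get("error", "?") for c in crashes),
        "third_party_modules": sorted({c["module"] for c in crashes if c["third_party"]}),
    }


# Sample input: excerpted from the WhoCrashed report in this thread, trimmed to
# the lines the parser reads. The first two blocks are the same crash twice.
SAMPLE_REPORT = r"""
On Mon 12/6/2010 9:24:46 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini120610-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x3DA47)
Bugcheck code: 0x1A (0x41790, 0xFFFFFFFFC080208A, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT

On Mon 12/6/2010 9:24:46 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: win32k.sys (win32k+0x3DA47)
Bugcheck code: 0x1A (0x41790, 0xFFFFFFFFC080208A, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT

On Sun 12/5/2010 1:41:54 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini120410-02.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCD1E3)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF866B2C70, 0xFFFFFFFF866B2C70, 0xFFFFFFFF86B96CD8)
Error: DRIVER_POWER_STATE_FAILURE

On Sat 12/4/2010 2:20:23 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini120410-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0xE88DE)
Bugcheck code: 0x50 (0xFFFFFFFF8BCD000C, 0x0, 0xFFFFFFFF8B4F28DE, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
A third party driver was identified as the probable root cause of this system error.

On Thu 12/2/2010 1:12:09 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini120110-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0xEEE9)
Bugcheck code: 0x7F (0xD, 0x0, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP
A third party driver was identified as the probable root cause of this system error.
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(s["total"], "distinct crashes")
    for module, n in s["by_module"].most_common():
        print(f"  {module}: {n}")
    print("third-party modules:", ", ".join(s["third_party_modules"]))
```

The per-module count is the triage signal: a module that WhoCrashed names repeatedly and tags as third-party (here the ATI display driver) is the first candidate for an update, whereas crashes attributed to ntkrnlpa.exe or win32k.sys usually mean the real culprit is another driver the tool could not identify, as the report's own wording says.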

Re: Trojan: 2nd-thought.com

Post by smayracing92 on 11th December 2010, 3:52 am

Thanks DragonMaster! I appreciate all the help so far! I ran the WhoCrashed scan. Here is the report:

--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: USER-PC
windows version: Windows Vista Service Pack 1, 6.0, build: 6001
windows dir: C:\Windows
CPU: AuthenticAMD AMD Turion(tm) 64 X2 Mobile Technology TL-58 AMD586, level: 15
2 logical processors, active mask: 3
RAM: 2010451968 total
VM: 2147352576, free: 2012733440



--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Mon 12/6/2010 9:24:46 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini120610-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x3DA47)
Bugcheck code: 0x1A (0x41790, 0xFFFFFFFFC080208A, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Mon 12/6/2010 9:24:46 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: win32k.sys (win32k+0x3DA47)
Bugcheck code: 0x1A (0x41790, 0xFFFFFFFFC080208A, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Sun 12/5/2010 1:41:54 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini120410-02.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCD1E3)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF866B2C70, 0xFFFFFFFF866B2C70, 0xFFFFFFFF86B96CD8)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sat 12/4/2010 2:20:23 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini120410-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0xE88DE)
Bugcheck code: 0x50 (0xFFFFFFFF8BCD000C, 0x0, 0xFFFFFFFF8B4F28DE, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\drivers\atikmdag.sys
product: ATI Radeon Family
company: ATI Technologies Inc.
description: ATI Radeon Kernel Mode Driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, ATI Technologies Inc.).
Google query: atikmdag.sys ATI Technologies Inc. PAGE_FAULT_IN_NONPAGED_AREA




On Thu 12/2/2010 1:12:09 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini120110-01.dmp
This was probably caused by the following module: atikmdag.sys (atikmdag+0xEEE9)
Bugcheck code: 0x7F (0xD, 0x0, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP
file path: C:\Windows\system32\drivers\atikmdag.sys
product: ATI Radeon Family
company: ATI Technologies Inc.
description: ATI Radeon Kernel Mode Driver
Bug check description: This bug check indicates that the Intel CPU generated a trap and the kernel failed to catch this trap.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: atikmdag.sys (ATI Radeon Kernel Mode Driver, ATI Technologies Inc.).
Google query: atikmdag.sys ATI Technologies Inc. UNEXPECTED_KERNEL_MODE_TRAP




On Tue 11/30/2010 4:21:04 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini113010-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCD1E3)
Bugcheck code: 0xC2 (0x7, 0x110B, 0xFFFFFFFF89E78618, 0xFFFFFFFF8E311718)
Error: BAD_POOL_CALLER
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the current thread is making a bad pool request.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sat 11/27/2010 7:17:36 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini112610-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x20D33B)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFFFFF8220F33B, 0xFFFFFFFF8C5D892C, 0xFFFFFFFF8C5D8628)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Wed 11/24/2010 4:09:16 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini112410-01.dmp
This was probably caused by the following module: ecache.sys (ecache+0x55F9)
Bugcheck code: 0x1A (0x5100, 0xFFFFFFFFC0488EE8, 0x23, 0x200)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\drivers\ecache.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Special Memory Device Cache
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Sat 11/20/2010 5:02:31 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini112010-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCD1E3)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF866B3C70, 0xFFFFFFFF866B3C70, 0xFFFFFFFF86E92368)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Tue 11/16/2010 5:34:45 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini111610-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCD1E3)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF867D4C70, 0xFFFFFFFF867D4C70, 0xFFFFFFFF86E9D210)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Thu 11/11/2010 4:35:15 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini111110-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x3DA47)
Bugcheck code: 0x1A (0x41790, 0xFFFFFFFFC0802072, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Tue 11/9/2010 11:28:50 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini110910-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x3DA47)
Bugcheck code: 0x1A (0x41790, 0xFFFFFFFFC0802072, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Sat 11/6/2010 4:28:03 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini110610-01.dmp
This was probably caused by the following module: fltmgr.sys (fltmgr+0x1C90B)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF821241C5, 0xFFFFFFFF97B2470C, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\drivers\fltmgr.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Microsoft Filesystem Filter Manager
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


On Sat 11/6/2010 1:50:22 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini110510-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x20E263)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF82258263, 0xFFFFFFFFAF13FBB4, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Wed 11/3/2010 7:23:37 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini110310-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCD1E3)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF8662FC70, 0xFFFFFFFF8662FC70, 0xFFFFFFFF84A136C8)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

31 crash dumps have been found and analyzed. Only 15 are included in this report. 3 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

atikmdag.sys (ATI Radeon Kernel Mode Driver, ATI Technologies Inc.)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination with the errors that have been reported for these drivers, and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions by users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.






smayracing92
Novice
Novice

Posts Posts : 37
Joined Joined : 2010-07-24
Gender Gender : Male
OS OS : Vista
Protection Protection : Trend-Micro Internet Security
Points Points : 23785
# Likes # Likes : 0

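The crash report Bryan pasted above lists each crash as a fixed block of lines. As an added example (not part of the thread, and not WhoCrashed's own code), this script parses those blocks, tallies bug check names and blamed modules, and applies a simple heuristic: the entries are copied from the report above, and the "several unrelated core Windows modules plus a MEMORY_MANAGEMENT crash means test the RAM first" rule in `ram_suspicion()` is this example's own assumption, not a rule from the tool.

```python
"""Parse a WhoCrashed-style crash report and summarise what it blames.

Added example for this thread, not part of the original post or of WhoCrashed.
"""
import re
from collections import Counter, defaultdict

# Entries copied from the report posted in this thread. Only the first five
# lines of each entry are parsed; extra lines such as "file path:" are skipped.
SAMPLE_REPORT = r"""
On Wed 11/24/2010 4:09:16 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini112410-01.dmp
This was probably caused by the following module: ecache.sys (ecache+0x55F9)
Bugcheck code: 0x1A (0x5100, 0xFFFFFFFFC0488EE8, 0x23, 0x200)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\drivers\ecache.sys

On Sat 11/20/2010 5:02:31 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini112010-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0xCD1E3)
Bugcheck code: 0x9F (0x3, 0xFFFFFFFF866B3C70, 0xFFFFFFFF866B3C70, 0xFFFFFFFF86E92368)
Error: DRIVER_POWER_STATE_FAILURE

On Thu 11/11/2010 4:35:15 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini111110-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0x3DA47)
Bugcheck code: 0x1A (0x41790, 0xFFFFFFFFC0802072, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT

On Sat 11/6/2010 4:28:03 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\Mini110610-01.dmp
This was probably caused by the following module: fltmgr.sys (fltmgr+0x1C90B)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF821241C5, 0xFFFFFFFF97B2470C, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
"""

# One crash entry: five consecutive lines in the order the report prints them.
ENTRY_RE = re.compile(
    r"^On (?P<when>.+?) your computer crashed\n"
    r"crash dump file: (?P<dump>.+)\n"
    r"This was probably caused by the following module: (?P<module>\S+) \((?P<symbol>[^)]+)\)\n"
    r"Bugcheck code: (?P<code>0x[0-9A-Fa-f]+) \((?P<params>[^)]*)\)\n"
    r"Error: (?P<error>\S+)",
    re.MULTILINE,
)

MEMORY_MANAGEMENT = 0x1A  # the bug check printed as "Error: MEMORY_MANAGEMENT"


def parse_report(text):
    """Return one dict per crash entry found in the report text."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "when": m.group("when"),
            "dump": m.group("dump").strip(),
            "module": m.group("module").lower(),
            "symbol": m.group("symbol"),
            "code": int(m.group("code"), 16),
            "params": [int(p, 16) for p in m.group("params").replace(" ", "").split(",") if p],
            "error": m.group("error"),
        })
    return entries


def summarize(entries):
    """Crashes per error name, per blamed module, and which modules each error was blamed on."""
    modules_per_error = defaultdict(set)
    for e in entries:
        modules_per_error[e["error"]].add(e["module"])
    return {
        "by_error": Counter(e["error"] for e in entries),
        "by_module": Counter(e["module"] for e in entries),
        "modules_per_error": {k: sorted(v) for k, v in modules_per_error.items()},
    }


def ram_suspicion(entries, min_distinct_modules=3):
    """Heuristic (this example's assumption, not a WhoCrashed rule): blame spread
    over several modules plus at least one MEMORY_MANAGEMENT crash points at the
    RAM rather than at any single driver. Returns the evidence with the verdict."""
    blamed = sorted({e["module"] for e in entries})
    mm_crashes = sum(1 for e in entries if e["code"] == MEMORY_MANAGEMENT)
    return {
        "distinct_modules": blamed,
        "memory_management_crashes": mm_crashes,
        "suspect_ram": len(blamed) >= min_distinct_modules and mm_crashes > 0,
    }


if __name__ == "__main__":
    crashes = parse_report(SAMPLE_REPORT)
    report = summarize(crashes)
    for error, n in report["by_error"].most_common():
        print(f"{n}x {error}: blamed on {', '.join(report['modules_per_error'][error])}")
    verdict = ram_suspicion(crashes)
    print("run a memory test first" if verdict["suspect_ram"] else "chase the blamed driver")
```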

Re: Trojan: 2nd-thought.com

Post by Dr Jay on 11th December 2010, 6:27 am

Reboot your computer, and when you see the first screen, press the Spacebar to access the boot manager. Once there, use the arrow key to go down to Windows Memory Diagnostic.

Please let the test run. When finished, let me know of the results.

Note: if the Spacebar does not activate the boot manager, then try again, except press the F8 key three times.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14314
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302999
# Likes # Likes : 10


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 12th December 2010, 3:02 am

Well, I tried to use the spacebar, but it didn't seem to work. It said push F12 for the boot menu and Windows Memory Diagnostic was not one of the options. I tried F8 and that was not an option there either. I was going to write down the F12 options it was giving me but just then it decided it was not going to re-boot. It kept shutting off during the boot process. It was trying to do the startup repair and was also shutting down. After finally completing the startup repair it said it was unsuccessful and I should make sure I didn't have anything connected like a camera or the such. I did happen to have my mp3 player charging and after removing it, it did finally restore and re-boot. I don't know why this should have happened but it seemed to work better with it removed.

How should I proceed? Where might I find the Windows Memory Diagnostic? I'll try it again and tell you what I find for options if I can get that far.

Thanks,

Bryan


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 12th December 2010, 9:08 pm

I was able to get the spacebar to take me to the correct screen finally, but the computer shut down before I could select the correct option. Every time I try to re-boot and get there it has been shutting down. I'll keep trying and post the report here when I get it.


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 13th December 2010, 3:20 am

ok


Dr. Jay (DJ)




Re: Trojan: 2nd-thought.com

Post by smayracing92 on 15th December 2010, 4:17 am

Well, it's not going to run the scan. I've been trying multiple times for three days. There are four indicator lights on the front of this laptop. One indicating the power cord is plugged in, which is always blue since I always plug it in. Then the power light indicating the computer is powered up and on. Then a battery life/use which is normally always blue since the battery is normally fully charged, and the hard drive indicator light that blinks intermittently during use of the drive. When I use the computer, like I mentioned before, it crashes from time to time. Sometimes the screen goes a gray color and all the power lights are still on, and I just have to power down and restart. Sometimes, it completely powers down and even the power cord light goes off, which never should be off since it is on any time the plug is in, whether the computer is on or not. So whatever the nature of this type of shutdown, even that light goes off. Then approximately three to five seconds later, it recovers from the crash to give just the power cord light on only, and nothing else, just like it was powered down properly. I have no idea why the power cord light would ever go off. This seems like it is tied to the major problem plaguing this computer. Also the main cause as to why I cannot run the scan you requested. Most of the time, I get less than 10 percent through the scan and it crashes. The first time, I got it to 37 percent and it did mention something about a problem it found but it was not specific yet since the scan wasn't complete. I had to do a system restore just to get it to boot up again. Is there anything else I can check or scan to go forward from here? Please let me know.

Thanks,

Bryan


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 15th December 2010, 11:16 pm

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)




Re: Trojan: 2nd-thought.com

Post by smayracing92 on 19th December 2010, 9:44 pm

Hey Jay,
I finally got the memory diagnostic to complete, but I had to do the basic quick scan since there's no way the full normal scan will run. But I can keep trying if you think it's still necessary. Let me know. I thought it was going to produce some kind of log, but I don't see one. A window popped up telling me the computer has memory problems and to contact the computer manufacturer to identify and repair the problem. Then it has a "troubleshoot memory problems" link which only gives me the same crap: contact the manufacturer. Is there someplace I need to look to find any log that may have been produced?

I'm going to go run the MBRCheck now and I'll get the log for that for you.

Thanks!

Bryan


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 19th December 2010, 9:48 pm

Ok, I ran the MBRCheck. Here's the log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: ATI
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: TOSHIBA
System Product Name: Satellite A215
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 154):
0x8200D000 \SystemRoot\system32\ntkrnlpa.exe
0x823C6000 \SystemRoot\system32\hal.dll
0x8060E000 \SystemRoot\system32\kdcom.dll
0x80616000 \SystemRoot\system32\PSHED.dll
0x80627000 \SystemRoot\system32\BOOTVID.dll
0x8062F000 \SystemRoot\system32\CLFS.SYS
0x80670000 \SystemRoot\system32\CI.dll
0x80750000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807CC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82602000 \SystemRoot\system32\drivers\acpi.sys
0x82648000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82651000 \SystemRoot\system32\drivers\msisadrv.sys
0x82659000 \SystemRoot\system32\drivers\pci.sys
0x82680000 \SystemRoot\System32\drivers\partmgr.sys
0x8268F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82692000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8269C000 \SystemRoot\system32\drivers\volmgr.sys
0x826AB000 \SystemRoot\System32\drivers\volmgrx.sys
0x826F5000 \SystemRoot\system32\drivers\pciide.sys
0x826FC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8270A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8271A000 \SystemRoot\system32\drivers\atapi.sys
0x82722000 \SystemRoot\system32\drivers\ataport.SYS
0x82740000 \SystemRoot\system32\drivers\fltmgr.sys
0x82772000 \SystemRoot\system32\drivers\fileinfo.sys
0x82782000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8760E000 \SystemRoot\system32\drivers\ndis.sys
0x87719000 \SystemRoot\system32\drivers\msrpc.sys
0x87744000 \SystemRoot\system32\drivers\NETIO.SYS
0x8780E000 \SystemRoot\System32\drivers\tcpip.sys
0x878F7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A0A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B19000 \SystemRoot\system32\drivers\volsnap.sys
0x87B52000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x87B57000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x87BA2000 \SystemRoot\System32\Drivers\spldr.sys
0x87BAA000 \SystemRoot\System32\Drivers\mup.sys
0x87BB9000 \SystemRoot\System32\drivers\ecache.sys
0x87BE0000 \SystemRoot\system32\drivers\disk.sys
0x87912000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BF1000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x87A00000 \SystemRoot\system32\drivers\crcdisk.sys
0x87969000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87974000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8797D000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x87985000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8B202000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8B92A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B9C9000 \SystemRoot\System32\drivers\watchdog.sys
0x8B9D6000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8B9EE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87995000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x879D3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B9F8000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x879E2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x87953000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8777E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x87800000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87791000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B9FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x877BE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x877C9000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x877D9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x807D9000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x877E7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8BC04000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8BC18000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8BC69000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8BC6D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BC9B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BCDC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BCE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BCFE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BD09000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BD2C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BD3B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BD4F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BD64000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8BD74000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BD76000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BDA0000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8BDAE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BDB8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BDC5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BE0E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8BE1F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8BF3B000 \SystemRoot\system32\drivers\modem.sys
0x8C00D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BF48000 \SystemRoot\system32\drivers\portcls.sys
0x8BF75000 \SystemRoot\system32\drivers\drmk.sys
0x8C1E6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8C1EF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8C000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8BF9A000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x8BFE0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8BFE8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BFF1000 \SystemRoot\System32\Drivers\Null.SYS
0x8BFF8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BE00000 \SystemRoot\System32\drivers\vga.sys
0x8C20A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C22B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C233000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C23B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C246000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C254000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C25D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C273000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C287000 \SystemRoot\system32\drivers\afd.sys
0x8C2CF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C301000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C317000 \SystemRoot\system32\DRIVERS\tmlwf.sys
0x8C33D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C34B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C35E000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x8C373000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C3AF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C3B9000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C3D0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C3DD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8C3E8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93CC0000 \SystemRoot\System32\win32k.sys
0x8C3F0000 \SystemRoot\System32\drivers\Dxapi.sys
0x87933000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93EE0000 \SystemRoot\System32\TSDDD.dll
0x93F00000 \SystemRoot\System32\cdd.dll
0x93F10000 \SystemRoot\System32\ATMFD.DLL
0x9560A000 \SystemRoot\system32\drivers\luafv.sys
0x95625000 \SystemRoot\system32\DRIVERS\tmpreflt.sys
0x95632000 \SystemRoot\system32\DRIVERS\vsapint.sys
0x95776000 \SystemRoot\system32\DRIVERS\tmxpflt.sys
0x9740D000 \SystemRoot\system32\drivers\spsys.sys
0x974BC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x974CC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x974F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x97500000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97513000 \SystemRoot\system32\drivers\HTTP.sys
0x97580000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9759D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x975B6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x975CB000 \SystemRoot\system32\drivers\mrxdav.sys
0x957CA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9940C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99445000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9945D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x99485000 \SystemRoot\System32\DRIVERS\srv.sys
0x994EB000 \SystemRoot\system32\DRIVERS\tmcomm.sys
0x99518000 \SystemRoot\system32\drivers\peauth.sys
0x995F6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x99400000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B008000 \SystemRoot\system32\DRIVERS\tmwfp.sys
0x9B1B2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9B1C8000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
0x9B1D7000 \SystemRoot\system32\DRIVERS\tmactmon.sys
0x77520000 \Windows\System32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
612 csrss.exe
668 C:\Windows\System32\wininit.exe
680 csrss.exe
712 C:\Windows\System32\services.exe
740 C:\Windows\System32\winlogon.exe
760 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
916 C:\Windows\System32\svchost.exe
992 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1036 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\Ati2evxx.exe
1184 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\audiodg.exe
1380 C:\Windows\System32\SLsvc.exe
1420 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\Ati2evxx.exe
1760 C:\Windows\System32\dwm.exe
1840 C:\Windows\explorer.exe
1868 C:\Windows\System32\svchost.exe
188 C:\Windows\System32\taskeng.exe
340 C:\Windows\System32\spoolsv.exe
588 C:\Windows\System32\taskeng.exe
580 C:\Windows\System32\svchost.exe
2060 C:\Windows\System32\agrsmsvc.exe
2072 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
2116 C:\Windows\System32\svchost.exe
2144 C:\Windows\System32\svchost.exe
2356 C:\Windows\System32\svchost.exe
2368 C:\Windows\System32\svchost.exe
2400 C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
2412 C:\Windows\System32\svchost.exe
2484 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
2596 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2612 C:\Windows\System32\TODDSrv.exe
2632 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2684 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2704 C:\Windows\System32\svchost.exe
2732 C:\Windows\System32\SearchIndexer.exe
2928 C:\Windows\System32\svchost.exe
3160 C:\Program Files\Windows Defender\MSASCui.exe
3168 C:\Windows\RtHDVCpl.exe
3176 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
3196 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
3216 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
3228 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
3300 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3416 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3572 C:\Windows\System32\wbem\unsecapp.exe
3648 WmiPrvSE.exe
3792 C:\Program Files\Windows Media Player\wmpnscfg.exe
3964 C:\Program Files\Windows Media Player\wmpnetwk.exe
2556 C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
2992 C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
3632 C:\Program Files\Trend Micro\BM\TMBMSRV.exe
4148 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4300 C:\Windows\HelpPane.exe
4336 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
5200 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
5312 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
5352 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
5284 C:\Windows\System32\wuauclt.exe
4636 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
4500 C:\Program Files\Mozilla Firefox\firefox.exe
4112 C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
5464 C:\Program Files\Mozilla Firefox\plugin-container.exe
5880 C:\Windows\System32\SearchProtocolHost.exe
5668 C:\Windows\System32\SearchFilterHost.exe
4288 C:\Users\User\Desktop\B.J. Podcasts\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2160BH, Rev: 0000000B

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 20th December 2010, 9:41 am

Any problems running the memory diagnostic are a sign of bad memory, and if the scan says you have bad memory, then you might want to consider replacing your memory (RAM).

How is the computer running currently?


Dr. Jay (DJ)




Re: Trojan: 2nd-thought.com

Post by smayracing92 on 22nd December 2010, 5:42 am

Well, right now it's running slower than normal, but it's ok. The shutting down issue is getting really annoying, but it only happens maybe once or twice a day. The best way to reproduce the failure is to run the memory diagnostic. It shuts down guaranteed within five minutes. I replaced my ram memory as an upgrade to double it about a year and a half ago and it always seemed to work fine. Do you think I should swap in the old ram and try the memory check again to rule it out or confirm the issue? I think I still have the old ram kicking around somewhere. Also, did the MBRCheck tell you anything? I'm curious.

Thanks!

Bryan


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 22nd December 2010, 11:13 am

MBRCheck was fine.

Try the swap and see what happens during mem. diag.


Dr. Jay (DJ)




Re: Trojan: 2nd-thought.com

Post by smayracing92 on 24th December 2010, 7:18 am

Damn, does this thing run slow now. Loading webpages takes forever. The memory test got to 94% before it shut off on me this time, but it never said that a memory problem was found like before, so I think that there is a problem with the new memory and the old seems fine. I've been running the test as soon as I get up in the a.m. thinking that a cold start may help it not shut off. But this seems to have no effect; even cold it has still shut off in under a minute. I'll keep trying to complete the memory diagnostic with the old RAM and see if I can get it to complete. What should I do next?


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 26th December 2010, 6:52 pm

Try memtest.

1. [You must be registered and logged in to see this link.]
2. Unzip downloaded memtest86 -....iso.zip file.
3. Inside, you'll find memtest86 -....iso file.
4. Download, and install ImgBurn: [You must be registered and logged in to see this link.]
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc.
7. Click on the Browse for a file... icon.
8. Locate the memtest86 -....iso file, and click the Open button.
9. Click on the ImgBurn green arrow to start burning the bootable memtest86 CD.
10. Once the CD is created, boot from it, and memtest will automatically start to run.

The running program will look something like this, depending on the size and number of RAM modules installed:

It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

The following image is the test results area:

The most important item here is the "errors" line. If you see ANY errors, even one, most likely you have bad RAM.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14314
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302999
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan: 2nd-thought.com

Post by Dr Jay on 2nd January 2011, 9:34 pm

Still with us?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.


Dr. Jay (DJ)


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 19th January 2011, 7:13 am

Hey there Jay,

Yes, I'm still here. I have been using my work computer for the past couple of weeks since this one has been such a pain in my ass...LOL. I tried to download and run the Pre-Compiled Bootable ISO (.zip), but when I click on it in the downloads folder, all I get is the Toshiba Disc Creator, with my desktop folders. There is no memtest86 -....iso.zip file to unzip. Did I miss something? Let me know.

Thanks,

Bryan


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 19th January 2011, 9:12 am

Try one of these: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 20th January 2011, 6:46 am

Jay,

OK, I got it downloaded and burned to a disc. But when I tried to boot from it, the computer always gives me a blank screen. The first time it did its classic instant power down. After that it does nothing. Just a power button and a blank screen. I checked the disc files to see if it looked like they were right. There are two files on the disc. The first is "BOOT", a security catalog at 2.00KB, and the 2nd is "MEMTEST", an IMG file at 1.40MB. It looks OK to me, but it does not run. Any ideas?

Thanks,

Bryan


Re: Trojan: 2nd-thought.com

Post by Dr Jay on 24th January 2011, 12:09 am

So, it is burnt on to the disc, but won't run? (Sorry for delay)


Dr. Jay (DJ)


Re: Trojan: 2nd-thought.com

Post by smayracing92 on 13th February 2011, 8:07 pm

Right. Both files are there but will not run.
