host process for windows failure and Browser redirection



#1
haz101

Firstly, thanks for your help!

Symptoms:
First I have tried reformatting and it doesn't get rid of the problem.

Browser redirects.

Sometimes after laptop has been on for a while programmes do not install.

I noticed straight away Malwarebytes stopped working.
I receive an APPCRASH error when trying to play certain games.

Every 15 minutes this error will pop up: "Host process for windows services has stopped working"
Problem details are:
Problem Event Name: BEX
Application Name: svchost.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47918b89
Fault Module Name: StackHash_837d
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Offset: 05d51b70
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 2057
Additional Information 1: 837d
Additional Information 2: 054a07a1e14b310479ce493edfcabee3
Additional Information 3: 1c87
Additional Information 4: 283fb7b44c6e637b747e8f11b997eee1

OTL Log


OTL logfile created on: 09/06/2011 11:25:58 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\BIG BAZ\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.34% Memory free
6.18 Gb Paging File | 4.98 Gb Available in Paging File | 80.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 99.07 Gb Free Space | 85.19% Space Free | Partition Type: NTFS
Drive D: | 115.13 Gb Total Space | 9.48 Gb Free Space | 8.23% Space Free | Partition Type: NTFS
Drive F: | 97.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BIGBAZ-PC | User Name: BIG BAZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 11:24:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\BIG BAZ\Downloads\OTL.exe
PRC - [2011/01/20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008/02/20 17:55:44 | 000,021,504 | ---- | M] ( ) -- C:\tb_eula\EULALauncher.exe
PRC - [2008/01/29 18:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 16:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/01/25 11:22:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/01/22 14:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 03:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2008/01/17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 14:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 13:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/09/25 01:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/04 03:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/08/03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/26 08:13:24 | 000,452,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcregist.exe
PRC - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/22 20:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2007/06/18 10:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2007/05/04 11:05:08 | 000,571,024 | ---- | M] (Toshiba) -- C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
PRC - [2006/12/06 02:44:45 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 11:24:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\BIG BAZ\Downloads\OTL.exe
MOD - [2008/01/21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (TOSHIBA Bluetooth Service)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/08/04 03:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/07/25 02:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/22 20:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/06/09 00:43:50 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/12/28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 06:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 12:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 07:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 09:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 09:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 09:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/06/08 16:47:58 | 000,001,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] c:\tb_eula\EULALauncher.exe ( )
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/02/03 20:32:04 | 000,000,043 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{86f26a33-91e9-11e0-9fb7-001e334bca39}\Shell - "" = AutoRun
O33 - MountPoints2\{86f26a33-91e9-11e0-9fb7-001e334bca39}\Shell\AutoRun\command - "" = F:\Setup.exe -- [1999/02/03 20:32:04 | 000,307,200 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [1999/02/03 20:32:04 | 000,307,200 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 00:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acclaim Entertainment
[2011/06/09 00:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Acclaim Entertainment
[2011/06/09 00:49:00 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011/06/09 00:43:50 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/09 00:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/06/09 00:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/06/09 00:43:04 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\DAEMON Tools Lite
[2011/06/09 00:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/06/08 22:39:27 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Toshiba
[2011/06/08 17:22:13 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\WinRAR
[2011/06/08 17:22:13 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/08 17:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/08 17:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/06/08 17:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/06/08 17:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/06/08 17:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/06/08 17:20:03 | 000,000,000 | ---D | C] -- C:\extensions
[2011/06/08 17:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/06/08 17:18:49 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\uTorrent
[2011/06/08 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Macromedia
[2011/06/08 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Adobe
[2011/06/08 17:14:26 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/08 17:13:17 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Local\Deployment
[2011/06/08 17:13:17 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Local\Apps
[2011/06/08 17:12:43 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Google
[2011/06/08 17:06:51 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Local\Toshiba
[2011/06/08 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\Documents\My Google Gadgets
[2011/06/08 17:06:27 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Local\Google
[2011/06/08 17:06:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/08 17:06:11 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Searches
[2011/06/08 17:06:11 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/08 17:06:01 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Identities
[2011/06/08 17:05:59 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Contacts
[2011/06/08 17:05:57 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Local\VirtualStore
[2011/06/08 17:04:47 | 000,491,520 | ---- | C] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/06/08 17:04:47 | 000,077,824 | ---- | C] (Toshiba Corporation) -- C:\Windows\System32\tosmreg.exe
[2011/06/08 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2011/06/08 17:04:16 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/06/08 17:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\AppData\Local\Temporary Internet Files
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Templates
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Start Menu
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\SendTo
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Recent
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\PrintHood
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\NetHood
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Documents\My Videos
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Documents\My Pictures
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Documents\My Music
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\My Documents
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Local Settings
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\AppData\Local\History
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Cookies
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\Application Data
[2011/06/08 17:01:55 | 000,000,000 | -HSD | C] -- C:\Users\BIG BAZ\AppData\Local\Application Data
[2011/06/08 17:01:54 | 000,000,000 | --SD | C] -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Videos
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Saved Games
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Pictures
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Music
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Links
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Favorites
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Downloads
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Documents
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\Desktop
[2011/06/08 17:01:54 | 000,000,000 | R--D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/08 17:01:54 | 000,000,000 | -H-D | C] -- C:\Users\BIG BAZ\AppData
[2011/06/08 17:01:54 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Local\Temp
[2011/06/08 17:01:54 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Local\Microsoft
[2011/06/08 17:01:54 | 000,000,000 | ---D | C] -- C:\Users\BIG BAZ\AppData\Roaming\Media Center Programs
[2011/06/08 16:49:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/08 16:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/06/08 16:49:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2011/06/08 16:49:36 | 000,936,472 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\imsmudlg.exe
[2011/06/08 16:45:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/09 11:24:42 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/09 11:24:42 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/09 11:07:59 | 000,009,619 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/06/09 11:06:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 11:06:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 11:06:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/09 11:06:29 | 3210,698,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/09 01:18:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2494770111-745229505-1429380743-1000UA.job
[2011/06/09 00:53:03 | 000,001,046 | ---- | M] () -- C:\Users\BIG BAZ\Desktop\SouthPark - Shortcut.lnk
[2011/06/09 00:43:50 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/08 23:38:38 | 000,005,632 | ---- | M] () -- C:\Users\BIG BAZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 19:49:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 17:18:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2494770111-745229505-1429380743-1000Core.job
[2011/06/08 17:14:27 | 000,002,057 | ---- | M] () -- C:\Users\BIG BAZ\Desktop\Google Chrome.lnk
[2011/06/08 17:14:27 | 000,002,019 | ---- | M] () -- C:\Users\BIG BAZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/08 17:12:42 | 000,000,948 | ---- | M] () -- C:\Users\BIG BAZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/08 17:08:45 | 000,316,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/08 16:55:08 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/06/08 16:53:01 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite A300_06653-EN_PSAG0E-03U01.MRK
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/09 00:52:23 | 000,001,046 | ---- | C] () -- C:\Users\BIG BAZ\Desktop\SouthPark - Shortcut.lnk
[2011/06/08 23:38:08 | 000,005,632 | ---- | C] () -- C:\Users\BIG BAZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 19:49:35 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 17:14:27 | 000,002,057 | ---- | C] () -- C:\Users\BIG BAZ\Desktop\Google Chrome.lnk
[2011/06/08 17:14:27 | 000,002,019 | ---- | C] () -- C:\Users\BIG BAZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/08 17:13:34 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2494770111-745229505-1429380743-1000UA.job
[2011/06/08 17:13:34 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2494770111-745229505-1429380743-1000Core.job
[2011/06/08 17:12:42 | 000,000,948 | ---- | C] () -- C:\Users\BIG BAZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/08 17:06:12 | 000,000,954 | ---- | C] () -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/08 17:06:09 | 000,000,949 | ---- | C] () -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/06/08 17:05:58 | 000,000,920 | ---- | C] () -- C:\Users\BIG BAZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/06/08 17:04:47 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2011/06/08 17:04:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2011/06/08 17:04:47 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2011/06/08 17:04:47 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2011/06/08 17:01:54 | 000,000,258 | ---- | C] () -- C:\Users\BIG BAZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/08 17:01:54 | 000,000,240 | ---- | C] () -- C:\Users\BIG BAZ\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/08 16:53:01 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite A300_06653-EN_PSAG0E-03U01.MRK
[2011/06/08 16:45:05 | 3210,698,752 | -HS- | C] () -- C:\hiberfil.sys
[2008/04/23 07:43:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/22 18:04:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/04/22 18:04:18 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/04/22 18:04:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/04/22 18:04:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/04/22 18:04:18 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/04/22 18:04:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/04/22 17:21:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/22 17:19:28 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/04/22 17:19:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/04/22 17:19:28 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/04/22 17:19:27 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/01/28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/01/21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,316,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

Hope this was clear for you.

Thank you :)


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, the log looks clean - which would suggest a possible MBR infection - so let's check that out first

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#3
haz101


    New Member

  • Topic Starter
  • Member
  • 4 posts
1 file was found. Also I don't know if it's important, but when I clicked reboot on the program, a Windows error appeared but I did not see what it was in time, as the laptop restarted itself soon after.

Results:

2011/06/09 16:21:59.0504 5320 MBR (0x1B8) (3218177318873d8d7a6e7eb02ae8c191) \Device\Harddisk0\DR0
2011/06/09 16:21:59.0506 5320 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/09 16:21:59.0506 5320 ================================================================================
2011/06/09 16:21:59.0506 5320 Scan finished
2011/06/09 16:21:59.0506 5320 ================================================================================
2011/06/09 16:21:59.0507 4140 Detected object count: 1
2011/06/09 16:21:59.0507 4140 Actual detected object count: 1
2011/06/09 16:22:25.0725 4140 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/09 16:22:25.0725 4140 \Device\Harddisk0\DR0 - ok
2011/06/09 16:22:25.0728 4140 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/09 16:23:16.0262 6080 Deinitialize success

Thanks for your time
  • 0
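An added example, not part of the original thread and not TDSSKiller's own code: a small Python parser for the log format in the report above. It pulls out what was detected, whether the object is the physical disk (boot sector) rather than a file, the action chosen and whether a reboot is still pending. The line patterns are inferred only from the lines in this post, and the `exampledrv` entry with its placeholder hash is constructed.

```python
import re

# Last lines of the TDSSKiller report posted above, plus one constructed clean
# driver entry (placeholder hash) so the parser also sees a non-detection line.
SAMPLE_LOG = r"""
2011/06/09 16:21:59.0447 5320 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
2011/06/09 16:21:59.0504 5320 MBR (0x1B8) (3218177318873d8d7a6e7eb02ae8c191) \Device\Harddisk0\DR0
2011/06/09 16:21:59.0506 5320 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/09 16:21:59.0507 4140 Detected object count: 1
2011/06/09 16:22:25.0725 4140 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/09 16:22:25.0728 4140 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Every line is "date time thread-id message"; only the message is classified.
LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+ \d+ (.*)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
PENDING = re.compile(r"^(.+?) \([^)]+\) - will be cured after reboot$")
ACTION = re.compile(r"^[^(]+\((.+)\) - User select action: (\w+)$")


def triage(log_text):
    """Summarise detections, chosen actions and pending reboots in a TDSSKiller log."""
    found, reported = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the timestamp prefix
        msg = m.group(1)
        if d := DETECTED.match(msg):
            found[d.group(1)] = {
                "object": d.group(1),
                "verdict": d.group(2),
                # A physical-disk object (not a file path) means the boot sector
                # is flagged, which a file and registry listing would not show.
                "boot_sector": d.group(1).startswith("\\Device\\Harddisk"),
                "action": None,
                "reboot_pending": False,
            }
        elif c := COUNT.match(msg):
            reported = int(c.group(1))
        elif (p := PENDING.match(msg)) and p.group(1) in found:
            found[p.group(1)]["reboot_pending"] = True
        elif (a := ACTION.match(msg)) and a.group(1) in found:
            found[a.group(1)]["action"] = a.group(2)
    detections = list(found.values())
    # Anything not set to Cure (e.g. the default Skip for suspicious objects,
    # or no recorded action) is listed for follow-up.
    unresolved = [d["object"] for d in detections if d["action"] != "Cure"]
    return {"detections": detections, "reported_count": reported,
            "count_matches": reported == len(detections), "unresolved": unresolved}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
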

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That killed the main bad boy :)

Now let's see what remains... On completion of this run can you let me know if the redirects have gone

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
haz101


    New Member

  • Topic Starter
  • Member
  • 4 posts
The redirecting has stopped and the scan came up with nothing, Thanks!!


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6820

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

09/06/2011 17:32:04
mbam-log-2011-06-09 (17-32-04).txt

Scan type: Quick scan
Objects scanned: 143650
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks for your help :)

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I like an easy one now and then :yes:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go to Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:

#7
haz101


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
dont. Thank you

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.