wvcruffler

Noticed ove of those BS fake virus alert pop ups on a work computer (on access scan messages). Downloaded most recent MBAM and launched. When it tries to update, the following pops up MBAM_ERROR_UPDATING (1029, 0, WinHttpSendRequest) Funny the popup is now popping up much more frequently now that I am on this website and running the MBAM full scan. It is like it is PO'ed. Anyway, wondered if this was the malware blocking the update.

bump after running combofix I was able to run mbam and was able to clean several malware programs on both a brief and complete scan. Seems to be working better now. I will try to keep an eye on it for now. Phil

I backdoored the combofix file onto it with a jump drive and heres the log: BTW - that computer won't connect to the internet right now, so I can't fix the backup situation.. ComboFix 09-03-02.01 - PHIL CHUA 2009-03-02 22:42:09.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.999.585 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\chuck.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\UACvaqpqjbf.sys c:\windows\system32\UACabavsdsd.log c:\windows\system32\UACbdsgmqmn.dll c:\windows\system32\UACboylyrue.dll c:\windows\system32\UACcjdtoiyy.dat c:\windows\system32\UACjaorokwb.dll c:\windows\system32\UACldivjswc.db c:\windows\system32\UACmjkcpxtf.log c:\windows\system32\UACmnppheyw.dll c:\windows\system32\UACrkdsmqda.dll c:\windows\system32\UACyyxuykqr.log . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 ))))))))))))))))))))))))))))))) . 2009-03-02 21:52 . 2009-03-02 21:52 <DIR> d-------- c:\program files\Trend Micro 2009-03-02 21:49 . 2009-03-02 22:19 <DIR> d-------- c:\documents and settings\MINDY CHUA.MINDYSCOMP\Application Data\U3 2009-03-02 21:16 . 2009-03-02 22:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\U3 2009-03-02 08:33 . 2009-03-02 08:33 0 --a------ c:\windows\nsreg.dat 2009-03-02 08:20 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-02 08:20 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-27 16:25 . 2009-03-01 22:16 <DIR> d-------- c:\program files\Lavasoft 2009-02-27 16:25 . 2009-03-01 22:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-27 13:33 . 2009-03-02 22:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-27 13:33 . 2009-02-27 13:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-26 08:45 . 2009-03-02 22:28 1,896,749 --a------ c:\windows\system32\uactmp.db 2009-02-26 08:06 . 2009-03-02 07:46 5,162 --a------ c:\windows\system32\uacinit.dll 2009-02-23 20:36 . 2009-02-23 20:36 <DIR> d-------- c:\documents and settings\MINDY CHUA.MINDYSCOMP\Application Data\Apple Computer 2009-02-11 10:59 . 2008-12-02 07:44 194,362 -ra------ c:\windows\system32\drivers\windrvr6.sys 2009-02-11 10:57 . 2009-02-11 10:57 <DIR> d-------- c:\program files\Medtronic 2009-02-11 10:56 . 2009-02-11 10:58 <DIR> d-------- C:\CareLink Data 2009-02-04 09:31 . 2009-02-04 09:31 <DIR> d-------- c:\documents and settings\MINDY CHUA\Application Data\Apple Computer 2009-02-04 09:30 . 2009-02-04 09:30 <DIR> d-------- c:\program files\iTunes 2009-02-04 09:30 . 2009-02-04 09:30 <DIR> d-------- c:\program files\iPod 2009-02-04 09:30 . 2009-02-04 09:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-02-04 09:30 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll 2009-02-04 09:30 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys 2009-02-04 09:29 . 2009-02-04 09:29 <DIR> d-------- c:\program files\Bonjour 2009-02-04 09:28 . 2009-02-04 09:29 <DIR> d-------- c:\program files\QuickTime 2009-02-04 09:28 . 2009-02-04 09:28 <DIR> d-------- c:\program files\Apple Software Update 2009-02-04 09:28 . 2009-02-04 09:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-04 09:28 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys 2009-02-04 09:27 . 2009-02-04 09:30 <DIR> d-------- c:\program files\Common Files\Apple 2009-02-04 09:27 . 2009-02-04 09:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-21 02:14 --------- d-----w c:\program files\McAfee 2009-02-16 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-02 12:44 458,752 ----a-r c:\program files\Common Files\HHActiveX.dll 2007-11-24 17:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat 2008-09-15 15:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091520080916\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1] @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}" [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}] 2007-04-20 14:40 118784 --a------ c:\program files\TrueSuite Access Manager\IconOvrly.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-15 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-15 162328] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-15 137752] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696] "WTouchUser"="c:\windows\system32\WTouchUser.exe" [2007-09-27 107816] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824] "FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2007-09-26 671744] "UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2007-06-05 94208] "PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2007-11-09 3152896] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608] "CrossMenu"="c:\program files\TOSHIBA\CrossMenu\CrossMenu.exe" [2007-10-12 806912] "TAcelMgr"="c:\program files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-16 90112] "TSkrMain"="c:\program files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-06-30 49152] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-13 311296] "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 344144] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-26 90112] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2006-07-20 327680] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-28 126976] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-09 159744] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-25 136816] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe] "000StTHK"="000StTHK.exe" [2001-06-23 07:28 24576 c:\windows\system32\000StTHK.exe] "NDSTray.exe"="NDSTray.exe" [bU] "TFncKy"="TFncKy.exe" [bU] "TFNF5"="TFNF5.exe" [2006-04-10 c:\windows\system32\TFNF5.exe] "TOSDCR"="TOSDCR.EXE" [2005-12-13 c:\windows\system32\TOSDCR.exe] "TPSODDCtl"="TPSODDCtl.exe" [2007-11-01 c:\windows\system32\TPSODDCtl.exe] "TPSMain"="TPSMain.exe" [2007-10-16 c:\windows\system32\TPSMain.exe] c:\documents and settings\MINDY CHUA\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-09-12 299008] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS] 2007-11-02 15:42 176128 c:\windows\system32\FpWinlogonNp.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 06:41 11776 c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP] 2006-07-21 22:54 65536 c:\windows\system32\TosBtNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TSigNP] 2007-11-14 01:17 65536 c:\windows\system32\TSigNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Palm\\palm.exe"= "c:\\Program Files\\Extended Systems\\OneBridge Desktop Connector\\DesktopConnector.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2008-01-19 43184] R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2007-04-27 21120] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-03-09 6528] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2007-11-23 5888] R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-01-19 49152] R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-01-19 106496] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-03-26 105856] R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [2007-11-23 126976] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-02-19 134016] R2 TTPDSrv;TOSHIBA Touch Pad Service;c:\windows\system32\TTPDSRV.exe [2007-11-23 73728] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2008-01-19 1464856] R2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [2008-01-19 95528] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-11-24 36608] R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2007-11-23 8832] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2007-11-23 435072] R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2007-02-22 11312] R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2008-01-19 30248] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ab330ca-0799-11de-8565-001de07d436f}] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2009-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2008-03-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-05-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.toshibadirect.com/dpdstart uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\647wn7py.default\ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-02 22:45:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(988) c:\windows\system32\FpWinLogonNp.dll c:\program files\TrueSuite Access Manager\FpSuites.dll c:\program files\TrueSuite Access Manager\SharedResources.dll c:\program files\TrueSuite Access Manager\FPResource.dll c:\windows\system32\TSigNP.dll c:\windows\system32\netprovcredman.dll . Completion time: 2009-03-02 22:46:39 ComboFix-quarantined-files.txt 2009-03-03 03:46:36 Pre-Run: 137,846,206,464 bytes free Post-Run: 138,592,370,688 bytes free 213 --- E O F --- 2009-02-27 21:59:32

And as an aside, I have tried to download and run malaware, Dr.Web, combofix etc. but the trojan either blocks the install (even with filename change) or otherwise buggers the process. Help!

This is from my other nearly non-functional computer Thanks for any help! Phil Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:56:15 PM, on 3/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\TAMSvr.exe C:\WINDOWS\system32\FpLogonServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WacomTouchService.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\AMT\LMS.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Toshiba\IVP\ISM\pinger.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\Toshiba\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\System32\TTPDSRV.exe C:\Program Files\Intel\AMT\UNS.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\WINDOWS\system32\WTouchUser.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\TrueSuite Access Manager\FpNotifier.exe C:\Program Files\TrueSuite Access Manager\usbnotify.exe C:\Program Files\TrueSuite Access Manager\PwdBank.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\TrueSuite Access Manager\CssSvr.exe C:\Program Files\TOSHIBA\CrossMenu\CrossMenu.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\WINDOWS\system32\thpsrv.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\TPSODDCtl.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\MINDY CHUA.MINDYSCOMP\Desktop\bugwerks.exe C:\DOCUME~1\MINDYC~1.MIN\LOCALS~1\Temp\is-F18OQ.tmp\bugwerks.tmp C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [WTouchUser] C:\WINDOWS\system32\WTouchUser.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe" O4 - HKLM\..\Run: [usbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe" O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe" O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\TOSHIBA\CrossMenu\CrossMenu.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TRot.exe] c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\WINDOWS\system32\TAMSvr.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA Touch Pad Service (TTPDSrv) - TOSHIBA Corporation - C:\WINDOWS\System32\TTPDSRV.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\WINDOWS\system32\WacomTouchService.exe -- End of file - 14067 bytes