voight75 Posted September 17, 2009 ID:128513 Share Posted September 17, 2009 Hi there, I am new here, I hope someone can help me. Man alive! This rootkit.tdss is a true nightmare. It happened yesterday, whilst I was surfing.To try and fix it, I downloaded Spy Doctor, and it got rid of Windows Police Pro and a host of other junk, but something was still wrong (hijacked search results in IE). I downloaded MBAM and it detected 2 Rootkit.tdss files, which it then removed, but they re-appear after reboot, and I just cannot get rid of them. Here are the MBAM and Hijack logs.PS: I am not fully conversant in computers, so please be gentle. I guess I know enough to know to come here for help!Thanks in advance,Carson.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:28:27 AM, on 9/17/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\lxdfcoms.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\WINDOWS\system32\ThpSrv.exeC:\WINDOWS\system32\TODDSrv.exeC:\Program Files\Webroot\Washer\WasherSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\thpsrv.exeC:\WINDOWS\system32\TPSMain.exeC:\WINDOWS\system32\TPSODDCtl.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Lexmark 6500 Series\lxdfmon.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exeC:\WINDOWS\system32\dllhost.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\WINDOWS\system32\RAMASST.exeC:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by ComcastR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dllO2 - BHO: (no name) - {510E897D-9D10-4476-A9A9-5D216537A418} - C:\WINDOWS\system32\efcDWOGa.dll (file missing)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startupO4 - HKLM\..\Run: [ThpSrv] thpsrv /logonO4 - HKLM\..\Run: [000StTHK] 000StTHK.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exeO4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeO4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXEO4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hideO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeO4 - Global Startup: 00THotkey.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstartO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: McAfee Application Installer Cleanup (0141121251128546) (0141121251128546mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014112~1.EXE (file missing)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exeO23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exeO23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeO23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exeO23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exeO23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe--End of file - 17133 bytesMalwarebytes' Anti-Malware 1.41Database version: 2814Windows 5.1.2600 Service Pack 39/17/2009 11:35:37 AMmbam-log-2009-09-17 (11-35-28).txtScan type: Quick ScanObjects scanned: 112520Time elapsed: 6 minute(s), 31 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:\\?\globalroot\Device\Ide\IdePort1\pwetsxwi\pwetsxwi\tdlwsp.dll (Rootkit.TDSS) -> No action taken.Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:\\?\globalroot\Device\Ide\IdePort1\pwetsxwi\pwetsxwi\tdlwsp.dll (Rootkit.TDSS) -> No action taken. Link to post Share on other sites More sharing options...
Dakeyras Posted September 18, 2009 ID:128946 Share Posted September 18, 2009 Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.If you think you have similar problems, please post a log in the HJT forum and wait for help.Hi voight75 and welcome to the Malwarebytes Forum. I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below: I will start working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!. The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic.Refrain from running self fixes as this will hinder the malware removal process.It may prove beneficial if you print of the following instructions or save them to notepad as I post them.Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.Scan with GMER:Please download GMER Rootkit Scanner from here.Double click the .exe file. If asked to allow gmer.sys driver to load, please consentIf it gives you a warning about rootkit activity and asks if you want to run scan...click on NO Click the image to enlarge itIn the right panel, you will see several boxes that have been checked. Uncheck the following ...SectionsIAT/EATDrives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one)[*]Then click the Scan button & wait for it to finish[*]Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file[*]Save it where you can easily find it, such as your desktop, and post it in reply**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entriesNote: Do not run any programs while Gmer is running.Scan with RSIT:Please download Random's System Information Tool by random/random from here and save it to your desktop.Make sure that RSIT.exe is on the your Desktop before running the application!Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open:log.txt will be opened maximized.info.txt will be opened minimized.[*]Please post the contents of both log.txt and info.txt.Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsitWhen completed the above, please post back the following in the order asked for:How is you computer performing now, any further symptoms and or problems encountered?GMER Log.Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply. Link to post Share on other sites More sharing options...
voight75 Posted September 18, 2009 Author ID:129099 Share Posted September 18, 2009 Hi voight75 and welcome to the Malwarebytes Forum. I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below: I will start working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!. The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic.Refrain from running self fixes as this will hinder the malware removal process.It may prove beneficial if you print of the following instructions or save them to notepad as I post them.Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.Scan with GMER:Please download GMER Rootkit Scanner from here.Double click the .exe file. If asked to allow gmer.sys driver to load, please consentIf it gives you a warning about rootkit activity and asks if you want to run scan...click on NO Click the image to enlarge itIn the right panel, you will see several boxes that have been checked. Uncheck the following ...SectionsIAT/EATDrives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one)[*]Then click the Scan button & wait for it to finish[*]Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file[*]Save it where you can easily find it, such as your desktop, and post it in reply**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entriesNote: Do not run any programs while Gmer is running.Scan with RSIT:Please download Random's System Information Tool by random/random from here and save it to your desktop.Make sure that RSIT.exe is on the your Desktop before running the application!Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open:log.txt will be opened maximized.info.txt will be opened minimized.[*]Please post the contents of both log.txt and info.txt.Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsitWhen completed the above, please post back the following in the order asked for:How is you computer performing now, any further symptoms and or problems encountered?GMER Log.Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.Hi Dakeyras, and thank you very much for helping me.1) During my first attempt to respond to your post about 30 minutes ago, everything froze and then everything disappeared from my screen except the wallpaper. This was after I had run the various scans you had requested. I have since re-run these scans. When I rebooted, all of my McAfee security suite had been turned off. Apart from that, the only other symptoms I can see are the original ones (hijacked search results in IE and very, very slow boot up).2) Here is the GMER log:GMER 1.0.15.15087 - http://www.gmer.netRootkit scan 2009-09-18 11:35:53Windows 5.1.2600 Service Pack 3Running: c6dkf72x.exe; Driver: C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\uxldrpob.sys---- System - GMER 1.0.15 ----Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA922B554]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA922B498]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA922B4AC]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA922B568]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA922B594]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA922B602]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA922B5EC]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA922B516]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA922B62E]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA922B540]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA922B470]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA922B484]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA922B4EA]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA922B66A]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA922B5D6]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA922B5C0]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA922B57E]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA922B656]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA922B642]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA922B4D6]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA922B4C2]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA922B5AA]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA922B45C]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA922B618]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA922B52C]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA922B500]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSectionCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcessCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThreadCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess---- Devices - GMER 1.0.15 ----AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)---- Processes - GMER 1.0.15 ----Library \\?\globalroot\Device\Ide\IdePort1\rnnsenxw\rnnsenxw\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [128] 0x10000000 Library \\?\globalroot\Device\Ide\IdePort1\rnnsenxw\rnnsenxw\tdlwsp.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [4160] 0x10000000 Library \\?\globalroot\Device\Ide\IdePort1\rnnsenxw\rnnsenxw\tdlwsp.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [4300] 0x10000000 ---- EOF - GMER 1.0.15 ----3) Here is the first RSIT log:Logfile of random's system information tool 1.06 (written by random/random)Run by Richard Lunan at 2009-09-18 11:36:31Microsoft Windows XP Professional Service Pack 3System drive C: has 82 GB (72%) free of 114 GBTotal RAM: 2039 MB (60% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:36:36 AM, on 9/18/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\lxdfcoms.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exeC:\Program Files\Analog Devices\Core\smax4pnp.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\thpsrv.exeC:\WINDOWS\system32\TPSMain.exeC:\WINDOWS\system32\TPSODDCtl.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Lexmark 6500 Series\lxdfmon.exeC:\Program Files\Lexmark 6500 Series\lxdfamon.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\ThpSrv.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\TODDSrv.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\Program Files\Skype\Phone\Skype.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\WINDOWS\system32\RAMASST.exeC:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Webroot\Washer\WasherSvc.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Richard Lunan\Desktop\RSIT.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Trend Micro\HijackThis\Richard Lunan.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by ComcastR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dllO2 - BHO: (no name) - {510E897D-9D10-4476-A9A9-5D216537A418} - C:\WINDOWS\system32\efcDWOGa.dll (file missing)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startupO4 - HKLM\..\Run: [ThpSrv] thpsrv /logonO4 - HKLM\..\Run: [000StTHK] 000StTHK.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exeO4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeO4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXEO4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hideO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeO4 - Global Startup: 00THotkey.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstartO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: McAfee Application Installer Cleanup (0141121251128546) (0141121251128546mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014112~1.EXE (file missing)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exeO23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exeO23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeO23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exeO23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exeO23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe--End of file - 16861 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\McDefragTask.jobC:\WINDOWS\tasks\McQcTask.jobC:\WINDOWS\tasks\MP Scheduled Scan.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{510E897D-9D10-4476-A9A9-5D216537A418}]C:\WINDOWS\system32\efcDWOGa.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-27 761840][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-27 458736][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204]"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208]"ThpSrv"=thpsrv /logon []"000StTHK"=000StTHK.exe []"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2006-04-24 315392]"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2006-04-24 110592]"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]"TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-13 57344]"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]"NDSTray.exe"=NDSTray.exe []"TFncKy"=TFncKy.exe []"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152]"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976]"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-30 94208]"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-30 77824]"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-30 118784]"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]"LogMeIn GUI"=C:\Program Files\LogMeIn\LogMeInSystray.exe [2006-10-06 303864]"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]"lxdfmon.exe"=C:\Program Files\Lexmark 6500 Series\lxdfmon.exe [2007-06-11 455600]"lxdfamon"=C:\Program Files\Lexmark 6500 Series\lxdfamon.exe [2007-06-01 20480]"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-07-22 1181064]"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-06-03 21718312][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]C:\Documents and Settings\All Users\Start Menu\Programs\Startup00THotkey.exeLogitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeRAMASST.lnk - C:\WINDOWS\system32\RAMASST.exeC:\Documents and Settings\Richard Lunan\Start Menu\Programs\StartupDesktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\system32\igfxdev.dll [2006-06-30 139264][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]C:\WINDOWS\system32\LMIinit.dll [2006-10-06 11504][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"authentication packages"=msv1_0C:\WINDOWS\system32\efcDWOGa"notification packages"=sceclipsqlpwd[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=255"_NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine""C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger""C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader""C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL""C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL""C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL""C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon""C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed""C:\Program Files\Common Files\AOL\1155956573\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1155956573\EE\AOLServiceHost.exe:*:Enabled:AOL""C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL""C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL""C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL""C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL""C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"="C:\Program Files\Lexmark 6500 Series\lxdfamon.exe:*:Enabled:Lexmark Device Monitor""C:\Program Files\Lexmark 6500 Series\frun.exe"="C:\Program Files\Lexmark 6500 Series\frun.exe:*:Enabled:Lexmark Productivity Studio""C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"="C:\Program Files\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor""C:\WINDOWS\system32\lxdfcfg.exe"="C:\WINDOWS\system32\lxdfcfg.exe:*:Enabled:Printer Communication System""C:\WINDOWS\system32\lxdfcoms.exe"="C:\WINDOWS\system32\lxdfcoms.exe:*:Enabled:Lexmark Communications System""C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface""C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable""C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe:*:Enabled:Job Status Window Interface""C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger""C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook""C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove""C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote""C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent""C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour""C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98a6c8a4-9c6b-11db-8373-00038a000015}]shell\AutoRun\command - E:\DTE_Privacy_launcher.exe======List of files/folders created in the last 1 months======2009-09-18 11:09:59 ----D---- C:\rsit2009-09-17 11:27:59 ----D---- C:\Program Files\Trend Micro2009-09-17 11:01:34 ----D---- C:\Program Files\Enigma Software Group2009-09-16 22:23:58 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Malwarebytes2009-09-16 22:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes2009-09-16 22:23:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2009-09-16 18:55:41 ----A---- C:\WINDOWS\wininit.ini2009-09-16 18:31:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 18:28:57 ----AD---- C:\WINDOWS\system32\images2009-09-16 18:17:55 ----D---- C:\Program Files\Common Files\PC Tools2009-09-16 18:17:51 ----D---- C:\Program Files\Spyware Doctor2009-09-16 18:17:51 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\PC Tools2009-09-16 18:17:51 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools2009-09-16 18:16:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP2009-09-09 15:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$2009-09-09 15:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$2009-09-09 15:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$2009-08-27 10:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$======List of files/folders modified in the last 1 months======2009-09-18 11:36:35 ----D---- C:\WINDOWS\Temp2009-09-18 11:32:05 ----D---- C:\WINDOWS\Prefetch2009-09-18 11:29:07 ----D---- C:\WINDOWS2009-09-18 11:28:51 ----D---- C:\WINDOWS\system32\drivers2009-09-18 11:28:46 ----D---- C:\WINDOWS\system32\CatRoot22009-09-18 11:27:06 ----D---- C:\WINDOWS\Registration2009-09-18 11:26:52 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt2009-09-18 11:26:52 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt2009-09-18 11:20:18 ----A---- C:\WINDOWS\SchedLgU.Txt2009-09-18 10:56:53 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Skype2009-09-17 13:10:39 ----D---- C:\WINDOWS\system322009-09-17 11:27:59 ----D---- C:\Program Files2009-09-17 08:02:50 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\skypePM2009-09-16 22:38:55 ----D---- C:\Program Files\DIGStream2009-09-16 20:02:34 ----SD---- C:\WINDOWS\Downloaded Program Files2009-09-16 20:02:33 ----HD---- C:\WINDOWS\inf2009-09-16 19:34:18 ----D---- C:\Program Files\Internet Explorer2009-09-16 19:19:27 ----SD---- C:\WINDOWS\Tasks2009-09-16 18:17:55 ----D---- C:\Program Files\Common Files2009-09-12 17:56:32 ----D---- C:\WINDOWS\network diagnostic2009-09-09 15:02:07 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-09-09 15:02:03 ----A---- C:\WINDOWS\imsins.BAK2009-09-09 15:01:58 ----HD---- C:\WINDOWS\$hf_mig$2009-09-09 15:01:57 ----SHD---- C:\WINDOWS\Installer2009-09-09 15:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2009-09-09 15:00:59 ----D---- C:\WINDOWS\ehome2009-09-08 09:29:13 ----D---- C:\WINDOWS\Microsoft.NET2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe2009-08-24 10:42:14 ----D---- C:\Program Files\McAfee======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-22 21275]R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-18 8552]R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys []R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-30 1169980]R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2006-10-06 8048]R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264]S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-03-21 179200]S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-13 22528]S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 uxldrpob;uxldrpob; \??\C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\uxldrpob.sys []S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568]R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]R2 lxdf_device;lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [2007-05-29 598960]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128]R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]R3 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]S2 0141121251128546mcinstcleanup;McAfee Application Installer Cleanup (0141121251128546); C:\WINDOWS\TEMP\014112~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248]S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]S2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe [2006-10-06 62200]S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\LogMeIn.exe [2006-10-06 1622768]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF----------------- Link to post Share on other sites More sharing options...
voight75 Posted September 18, 2009 Author ID:129103 Share Posted September 18, 2009 Hi voight75 and welcome to the Malwarebytes Forum. I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below: I will start working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!. The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic.Refrain from running self fixes as this will hinder the malware removal process.It may prove beneficial if you print of the following instructions or save them to notepad as I post them.Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.Scan with GMER:Please download GMER Rootkit Scanner from here.Double click the .exe file. If asked to allow gmer.sys driver to load, please consentIf it gives you a warning about rootkit activity and asks if you want to run scan...click on NO Click the image to enlarge itIn the right panel, you will see several boxes that have been checked. Uncheck the following ...SectionsIAT/EATDrives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one)[*]Then click the Scan button & wait for it to finish[*]Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file[*]Save it where you can easily find it, such as your desktop, and post it in reply**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entriesNote: Do not run any programs while Gmer is running.Scan with RSIT:Please download Random's System Information Tool by random/random from here and save it to your desktop.Make sure that RSIT.exe is on the your Desktop before running the application!Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open:log.txt will be opened maximized.info.txt will be opened minimized.[*]Please post the contents of both log.txt and info.txt.Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsitWhen completed the above, please post back the following in the order asked for:How is you computer performing now, any further symptoms and or problems encountered?GMER Log.Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.Here is the second RSIT log:info.txt logfile of random's system information tool 1.06 2009-09-18 11:10:05======Uninstall list======-->C:\WINDOWS\system32\RunDll32.Exe C:\WINDOWS\system32\SetupAPI.Dll,InstallHinfSection DefaultUninstall.NTx86 4 C:\WINDOWS\INF\tdudf.Inf-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exeAdobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.logALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALLAmerica Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\aolunins_us.exeAOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDPAOL Connectivity Services-->"C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /cAOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOGAOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exeApple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}Bejeweled 2 Deluxe-->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"BlackBerry Desktop Software 4.2-->MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}BlackBerry Desktop Software 4.2-->MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}Blackhawk Striker 2-->"C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"Blasterball 2 Revolution-->"C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe"Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9 Chuzzle Deluxe-->"C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exeCritical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"DeductionPro 2008-->"C:\Program Files\InstallShield Installation Information\{61100673-2546-42E1-BF92-467B5CB2AC6D}\setup.exe" -runfromtemp -l0x0009 -removeonlyDesktop Dialer-->C:\WINDOWS\unvise32.exe C:\Program Files\DesktopDialer\uninstal.logDVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM DriverESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOGFATE-->"C:\Program Files\Toshiba Games\FATE\Uninstall.exe"GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstallGoogle Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstallGoogle Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstallHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2Intel® PRO Network Connections Drivers-->Prounstl.exeIntel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exeInterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exeInterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALLInterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALLiTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}Lexmark 6500 Series-->C:\Program Files\Lexmark 6500 Series\Install\x86\Uninst.exeLogitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALLLogitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}Logitech Link to post Share on other sites More sharing options...
Dakeyras Posted September 18, 2009 ID:129219 Share Posted September 18, 2009 Hi Hi Dakeyras, and thank you very much for helping me.You're welcome! Thank you for the situation update also.Next:When replying to myself in future could you please use the ADD REPLY button rather than the "REPLY one, thank you.Next:There are a few applications that will require removing/updating which we will address in due course. Is AOL your ISP and or do you use the any of the AOL software installed at all?TFC(Temp File Cleaner):Please download TFC to your desktop, Save any unsaved work. TFC will close all open application windows.Double-click TFC.exe to run the program.If prompted, click "Yes" to reboot.Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.Malwarebytes Anti-Malware: Launch the application, Check for Updates >> Perform a Quick ScanWhen the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. please copy and paste the log into your next reply.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.Download/Run ComboFix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsPlease include the C:\ComboFix.txt in your next reply for further review. A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper When completed the above, please post back the following in the order asked for:How is you computer performing now, any other symptoms and or problems encountered?Answer to my AOL query.Malwarebytes Anti-Malware Log.ComboFix Log.A new HijackThis Log. Link to post Share on other sites More sharing options...
voight75 Posted September 19, 2009 Author ID:129287 Share Posted September 19, 2009 Dakeyras,I have done everything as requested, with only one problem. Combofix will not scan, so I don't have a log. It loads no problem, and then after the screen says "However, san times for badly infected machines may easily double", nothing at all happens. I let it sit for one hour like that, and nothing happened. Please see below for the other info you requested:1) My computer is the same. Hijacked search results, very slow on boot up and sometimes when I reboot there is nothing but wallpaper, and I have to reboot again.2)AOL is not my ISP, and to the best of my knowledge, I have no AOL software on my computer at all.3) Here is the MBAM log:Malwarebytes' Anti-Malware 1.41Database version: 2821Windows 5.1.2600 Service Pack 39/18/2009 4:00:49 PMmbam-log-2009-09-18 (16-00-49).txtScan type: Quick ScanObjects scanned: 111663Time elapsed: 7 minute(s), 34 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:\\?\globalroot\Device\Ide\IdePort1\enworcjp\enworcjp\tdlwsp.dll (Rootkit.TDSS) -> Delete on reboot.Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:\\?\globalroot\Device\Ide\IdePort1\enworcjp\enworcjp\tdlwsp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.4) No Combofix log5) Here is the HijackThis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:57:04 PM, on 9/18/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\TPSMain.exeC:\WINDOWS\system32\TPSODDCtl.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Lexmark 6500 Series\lxdfmon.exeC:\Program Files\Lexmark 6500 Series\lxdfamon.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\system32\lxdfcoms.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\WINDOWS\system32\RAMASST.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Skype\Plugin Manager\skypePM.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\WINDOWS\system32\ThpSrv.exeC:\WINDOWS\system32\TODDSrv.exeC:\Program Files\Webroot\Washer\WasherSvc.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by ComcastR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dllO2 - BHO: (no name) - {510E897D-9D10-4476-A9A9-5D216537A418} - C:\WINDOWS\system32\efcDWOGa.dll (file missing)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startupO4 - HKLM\..\Run: [ThpSrv] thpsrv /logonO4 - HKLM\..\Run: [000StTHK] 000StTHK.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exeO4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeO4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXEO4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hideO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeO4 - Global Startup: 00THotkey.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstartO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: McAfee Application Installer Cleanup (0141121251128546) (0141121251128546mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014112~1.EXE (file missing)O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exeO23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exeO23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeO23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exeO23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exeO23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe--End of file - 15842 bytes Link to post Share on other sites More sharing options...
Dakeyras Posted September 19, 2009 ID:129443 Share Posted September 19, 2009 Hi. OK lets try a different approach as follows. Please leave ComboFix on the desktop but do not use it! Take your time with the below and carry out each step in order please. Any problems whats so ever stop what you are doing and inform myself straight away.Next:Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):America Online <-- This is the actual uninstaller for all the AOL software. Double click it and follow the prompts. A basic tutorial is here.These are the AOL applications to be removed using the aforementioned uninstaller:AOL Coach Version 2.0AOL Connectivity ServicesAOL Spyware ProtectionAOL You've Got Pictures ScreensaverNow remove these applications from Add/Remove:-J2SE Runtime Environment 5.0 Update 6 <-- We will update this in due course.Spyware Doctor 6.1Viewpoint Media PlayerWindows DefenderWindow Washer <-- If you have purchased this then leave in-place but do not use until your system is clean.To do so, click once on each of the above in turn to highlight and then click on the Remove button.Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.Reset Host File:Open Notepad.Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK@Echo offpushd\windows\system32\drivers\etcattrib -h -s -r hostsecho 127.0.0.1 localhost>HOSTSattrib +r +h +s hostspopddel %0Go to File >> Save AsSave File name as "Dakeyras.bat" <-- Make sure to include the quotes.Change Save as Type to All Files and save the file to your Desktop.It should look like this: Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.Reset SP3 Firewall:Click on Start >> Run... and cut/paste in the following and click on OKfirewall.cplClick on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OKNow click on the General tab >> select Off(not recommended) >> OK.Note: No need for it to be active after the reset becuse you have the McAfee Personal Firewall.Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please go here and download ERUNT.ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.Double click on erunt-setup.exe to Install ERUNT by following the prompts.Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.Make sure that at least the first two check boxes are selected.Click on OK Then click on YES to create the folder.Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeFixPolicies:Please download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here. Double-click FixPolicies.exe. Click the "Install" button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd. A black box should briefly appear and then close. Leave FixPolicies on your desktop please until I otherwise advise, thank you.Next:Please download OTM to your Desktop.Double-click OTM to start the program.Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy)::Processes:Reg[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Window Title"=-[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]"ProxyServer"=-[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{510E897D-9D10-4476-A9A9-5D216537A418}][-HKEY_CLASSES_ROOT\CLSID\{510E897D-9D10-4476-A9A9-5D216537A418}][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}][-HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}][-HKEY_CLASSES_ROOT\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480][-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]:FilesC:\rsitC:\WINDOWS\system32\efcDWOGa.dllC:\Program Files\Common Files\PC ToolsC:\Program Files\Spyware DoctorC:\Documents and Settings\Richard Lunan\Application Data\PC ToolsC:\Documents and Settings\All Users\Application Data\PC Tools:Commands[Purity][EmptyTemp][Start Explorer][Reboot]Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose PasteThen click the red MoveIt! button.Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.Close OTM.Malwarebytes Anti-Malware: Launch the application, Check for Updates >> Perform a Quick ScanWhen the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. please copy and paste the log into your next reply.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.Next:Make sure that RSIT.exe is on the your Desktop before running the application!Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open:log.txt will be opened maximized.info.txt will be opened minimized.[*]Please post the contents of both log.txt and info.txt.When completed the above, please post back the following in the order asked for:How is you computer performing now, any further symptoms and or problems encountered?OTM Log.Malwarebytes Anti-Malware Log.A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply. Link to post Share on other sites More sharing options...
voight75 Posted September 19, 2009 Author ID:129489 Share Posted September 19, 2009 Dakeyras,Thank you for your continued patience and help, I am very grateful. I will be unable to work on this today and tomorrow, as I will be out of town. I will be getting back into it on Monday. I didn't want you to think I had given up. Link to post Share on other sites More sharing options...
Dakeyras Posted September 19, 2009 ID:129578 Share Posted September 19, 2009 OK no problem and thank you for the courtesy of informing myself.Please ensure during your absence that the computer we are working on is not used online at all, thank you. Link to post Share on other sites More sharing options...
voight75 Posted September 21, 2009 Author ID:130642 Share Posted September 21, 2009 Dakeyras,My computer is performing much about the same. No better, no worse. Hijacked search results and v slow on boot up. I have carried out all requested processes. Please see below. Thanks.OTM log:All processes killedError: Unable to interpret <Processes> in the current context!========== REGISTRY ==========Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Window Title deleted successfully.Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{510E897D-9D10-4476-A9A9-5D216537A418}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{510E897D-9D10-4476-A9A9-5D216537A418}\ deleted successfully.Registry key HKEY_CLASSES_ROOT\CLSID\{510E897D-9D10-4476-A9A9-5D216537A418}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{510E897D-9D10-4476-A9A9-5D216537A418}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.Registry key HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.Registry key HKEY_CLASSES_ROOT\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray\ deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend\ not found.========== FILES ==========C:\rsit moved successfully.File/Folder C:\WINDOWS\system32\efcDWOGa.dll not found.File/Folder C:\Program Files\Common Files\PC Tools not found.File/Folder C:\Program Files\Spyware Doctor not found.File/Folder C:\Documents and Settings\Richard Lunan\Application Data\PC Tools not found.File/Folder C:\Documents and Settings\All Users\Application Data\PC Tools not found.========== COMMANDS ==========[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: LocalService->Temp folder emptied: 0 bytesFile delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.->Temporary Internet Files folder emptied: 33170 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: Richard Lunan->Temp folder emptied: 393205 bytes->Temporary Internet Files folder emptied: 2779116 bytes->Java cache emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytesWindows Temp folder emptied: 12952 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 3.07 mbOTM by OldTimer - Version 3.0.0.6 log created on 09212009_123346Files moved on Reboot...Registry entries deleted on Reboot...MBAM log:Malwarebytes' Anti-Malware 1.41Database version: 2837Windows 5.1.2600 Service Pack 39/21/2009 12:53:49 PMmbam-log-2009-09-21 (12-53-49).txtScan type: Quick ScanObjects scanned: 111479Time elapsed: 6 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:\\?\globalroot\Device\Ide\IdePort1\fnlnosiv\fnlnosiv\tdlwsp.dll (Rootkit.TDSS) -> Delete on reboot.Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:\\?\globalroot\Device\Ide\IdePort1\fnlnosiv\fnlnosiv\tdlwsp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.RSIT log 1:info.txt logfile of random's system information tool 1.06 2009-09-21 13:04:52======Uninstall list======-->C:\WINDOWS\system32\RunDll32.Exe C:\WINDOWS\system32\SetupAPI.Dll,InstallHinfSection DefaultUninstall.NTx86 4 C:\WINDOWS\INF\tdudf.Inf-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exeAdobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.logALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALLApple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}Bejeweled 2 Deluxe-->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"BlackBerry Desktop Software 4.2-->MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}BlackBerry Desktop Software 4.2-->MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}Blackhawk Striker 2-->"C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"Blasterball 2 Revolution-->"C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe"Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9 Chuzzle Deluxe-->"C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exeCritical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"DeductionPro 2008-->"C:\Program Files\InstallShield Installation Information\{61100673-2546-42E1-BF92-467B5CB2AC6D}\setup.exe" -runfromtemp -l0x0009 -removeonlyDesktop Dialer-->C:\WINDOWS\unvise32.exe C:\Program Files\DesktopDialer\uninstal.logDVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM DriverERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOGFATE-->"C:\Program Files\Toshiba Games\FATE\Uninstall.exe"GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstallGoogle Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstallGoogle Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstallHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2Intel® PRO Network Connections Drivers-->Prounstl.exeIntel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exeInterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exeInterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALLInterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALLiTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}Lexmark 6500 Series-->C:\Program Files\Lexmark 6500 Series\Install\x86\Uninst.exeLogitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALLLogitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}Logitech Link to post Share on other sites More sharing options...
voight75 Posted September 21, 2009 Author ID:130643 Share Posted September 21, 2009 RSIT log 2:Logfile of random's system information tool 1.06 (written by random/random)Run by Richard Lunan at 2009-09-21 13:04:33Microsoft Windows XP Professional Service Pack 3System drive C: has 83 GB (72%) free of 114 GBTotal RAM: 2039 MB (65% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:04:47 PM, on 9/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\lxdfcoms.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\thpsrv.exeC:\WINDOWS\system32\TPSMain.exeC:\WINDOWS\system32\TPSODDCtl.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\system32\igfxtray.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\TPSBattM.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Lexmark 6500 Series\lxdfmon.exeC:\Program Files\Lexmark 6500 Series\lxdfamon.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ThpSrv.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\WINDOWS\system32\TODDSrv.exeC:\Program Files\Webroot\Washer\WasherSvc.exeC:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Skype\Phone\Skype.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\WINDOWS\system32\RAMASST.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\WINDOWS\system32\svchost.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Richard Lunan\Desktop\RSIT.exeC:\Program Files\Trend Micro\HijackThis\Richard Lunan.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%sR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startupO4 - HKLM\..\Run: [ThpSrv] thpsrv /logonO4 - HKLM\..\Run: [000StTHK] 000StTHK.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exeO4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeO4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXEO4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /runO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hideO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeO4 - Global Startup: 00THotkey.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstartO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: McAfee Application Installer Cleanup (0141121251128546) (0141121251128546mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014112~1.EXE (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exeO23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exeO23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeO23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exeO23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exeO23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe--End of file - 14490 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\McDefragTask.jobC:\WINDOWS\tasks\McQcTask.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-27 458736][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204]"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208]"ThpSrv"=thpsrv /logon []"000StTHK"=000StTHK.exe []"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2006-04-24 315392]"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2006-04-24 110592]"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]"TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-13 57344]"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]"NDSTray.exe"=NDSTray.exe []"TFncKy"=TFncKy.exe []"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152]"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976]"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-30 94208]"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-30 77824]"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-30 118784]"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]"LogMeIn GUI"=C:\Program Files\LogMeIn\LogMeInSystray.exe [2006-10-06 303864]"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]"lxdfmon.exe"=C:\Program Files\Lexmark 6500 Series\lxdfmon.exe [2007-06-11 455600]"lxdfamon"=C:\Program Files\Lexmark 6500 Series\lxdfamon.exe [2007-06-01 20480]"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-06-03 21718312]C:\Documents and Settings\All Users\Start Menu\Programs\Startup00THotkey.exeLogitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeRAMASST.lnk - C:\WINDOWS\system32\RAMASST.exeC:\Documents and Settings\Richard Lunan\Start Menu\Programs\StartupDesktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\system32\igfxdev.dll [2006-06-30 139264][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]C:\WINDOWS\system32\LMIinit.dll [2006-10-06 11504][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"authentication packages"=msv1_0C:\WINDOWS\system32\efcDWOGa[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"_NoDriveTypeAutoRun"=145"NoDriveAutoRun"=67108863[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"="NoDriveAutoRun"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98a6c8a4-9c6b-11db-8373-00038a000015}]shell\AutoRun\command - E:\DTE_Privacy_launcher.exe======List of files/folders created in the last 1 months======2009-09-21 13:04:33 ----D---- C:\rsit2009-09-21 12:33:46 ----D---- C:\_OTM2009-09-21 12:28:33 ----D---- C:\Program Files\ERUNT2009-09-21 12:09:04 ----SHD---- C:\Config.Msi2009-09-21 12:05:01 ----A---- C:\WINDOWS\msoffice.ini2009-09-18 18:42:23 ----SD---- C:\ComboFix2009-09-18 18:42:19 ----A---- C:\WINDOWS\system32\CF22120.exe2009-09-18 17:13:29 ----A---- C:\WINDOWS\system32\CF12624.exe2009-09-18 17:11:52 ----A---- C:\WINDOWS\system32\CF28307.exe2009-09-18 16:21:20 ----A---- C:\Boot.bak2009-09-18 16:21:10 ----RASHD---- C:\cmdcons2009-09-18 16:16:59 ----A---- C:\WINDOWS\zip.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWXCACLS.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWSC.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWREG.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\sed.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\PEV.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\NIRCMD.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\grep.exe2009-09-18 16:16:23 ----D---- C:\WINDOWS\ERDNT2009-09-18 16:16:16 ----A---- C:\WINDOWS\system32\CF10636.exe2009-09-18 16:15:40 ----D---- C:\Qoobox2009-09-18 15:37:46 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt2009-09-17 11:27:59 ----D---- C:\Program Files\Trend Micro2009-09-17 11:01:34 ----D---- C:\Program Files\Enigma Software Group2009-09-16 22:23:58 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Malwarebytes2009-09-16 22:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes2009-09-16 22:23:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2009-09-16 18:55:41 ----A---- C:\WINDOWS\wininit.ini2009-09-16 18:31:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 18:28:57 ----AD---- C:\WINDOWS\system32\images2009-09-16 18:16:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP2009-09-09 15:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$2009-09-09 15:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$2009-09-09 15:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$2009-08-27 10:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$======List of files/folders modified in the last 1 months======2009-09-21 13:04:35 ----D---- C:\WINDOWS\Temp2009-09-21 13:00:18 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt2009-09-21 13:00:18 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt2009-09-21 12:57:45 ----D---- C:\WINDOWS2009-09-21 12:55:16 ----A---- C:\WINDOWS\SchedLgU.Txt2009-09-21 12:44:11 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Skype2009-09-21 12:35:59 ----D---- C:\WINDOWS\Registration2009-09-21 12:28:33 ----D---- C:\Program Files2009-09-21 12:18:49 ----D---- C:\WINDOWS\Prefetch2009-09-21 12:13:19 ----D---- C:\Program Files\Common Files2009-09-21 12:13:18 ----D---- C:\Program Files\Pure Networks2009-09-21 12:13:18 ----D---- C:\Program Files\Common Files\AOL2009-09-21 12:11:48 ----SHD---- C:\WINDOWS\Installer2009-09-21 12:11:35 ----SD---- C:\WINDOWS\Tasks2009-09-21 12:11:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft2009-09-21 12:11:35 ----HD---- C:\WINDOWS\inf2009-09-21 12:10:20 ----D---- C:\WINDOWS\system32\drivers2009-09-21 12:09:04 ----D---- C:\WINDOWS\system322009-09-21 12:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\AOL2009-09-21 12:05:34 ----A---- C:\WINDOWS\win.ini2009-09-21 12:05:17 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\AOL2009-09-21 12:05:10 ----D---- C:\WINDOWS\system32\CatRoot22009-09-21 11:58:28 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\skypePM2009-09-18 16:21:21 ----RASH---- C:\boot.ini2009-09-16 22:38:55 ----D---- C:\Program Files\DIGStream2009-09-16 20:02:34 ----SD---- C:\WINDOWS\Downloaded Program Files2009-09-16 19:34:18 ----D---- C:\Program Files\Internet Explorer2009-09-12 17:56:32 ----D---- C:\WINDOWS\network diagnostic2009-09-09 15:02:07 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-09-09 15:02:03 ----A---- C:\WINDOWS\imsins.BAK2009-09-09 15:01:58 ----HD---- C:\WINDOWS\$hf_mig$2009-09-09 15:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2009-09-09 15:00:59 ----D---- C:\WINDOWS\ehome2009-09-08 09:29:13 ----D---- C:\WINDOWS\Microsoft.NET2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe2009-08-24 10:42:14 ----D---- C:\Program Files\McAfee======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-22 21275]R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-18 8552]R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys []R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-30 1169980]R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2006-10-06 8048]R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264]S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-03-21 179200]S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-13 22528]S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568]R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]R2 lxdf_device;lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [2007-05-29 598960]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128]R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]R3 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]S2 0141121251128546mcinstcleanup;McAfee Application Installer Cleanup (0141121251128546); C:\WINDOWS\TEMP\014112~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248]S2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe [2006-10-06 62200]S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\LogMeIn.exe [2006-10-06 1622768]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF----------------- Link to post Share on other sites More sharing options...
Dakeyras Posted September 21, 2009 ID:130659 Share Posted September 21, 2009 Hi Please delete the copy of ComboFix you have on the desktop, then empty the Recycle Bin.StartUpLite:Please download this small application from here.It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.Now reboot your computer.Download/Run ComboFix:Re-download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.Link 1Link 2-------------------------------------------------------------------- * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDouble click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system. When completed the above, please post back the following in the order asked for:How is you computer performing now, any further symptoms and or problems encountered?ComboFix Log.A new HijackThis Log. Link to post Share on other sites More sharing options...
voight75 Posted September 21, 2009 Author ID:130689 Share Posted September 21, 2009 Dakeyras,Startup lite was no problem, but when I tried to download ComboFix, my McAfee immediately came up with a warning, saying it had removed a trojan and I got the following message:"Cannot Copy Combofix [1]. Access is denied. Make sure that the file is not full....." I was unable to copy down the rest before it disappeared. the foirst time I tried to download it, I accidentally forgot to rename it, however on three subsequent attempts, I renamed it and got the same error/trojan removal warning. Link to post Share on other sites More sharing options...
voight75 Posted September 21, 2009 Author ID:130724 Share Posted September 21, 2009 Dakeyras,The full error message is: "Cannot Copy Combofix [1]. Access is denied. Make sure that the diskis not full or write protected and that the fileis not currently in use" Link to post Share on other sites More sharing options...
Dakeyras Posted September 21, 2009 ID:130738 Share Posted September 21, 2009 Hi. OK no problem.Please delete the copy of ComboFix you have on the desktop, then empty the Recycle Bin.Then download this file and right click on it and select Install.Next:Now temp' disable your McAfee SecurityCenter applications and re-download a re-named ComboFix and run as outlined in my post here, thank you. Link to post Share on other sites More sharing options...
voight75 Posted September 21, 2009 Author ID:130756 Share Posted September 21, 2009 Dakeyras,I have encountered exactly the same problem with Combofix as I did the very first time. It loads, then after saying "scan usually takes up to 10 minutes etc", nothing happens. One point: when the combofix blue screen first loads, it says something like "Not enough main memory to complete sort", then it continues, creates system restore point, then carries on, as described above. Am I doing something wrong? Link to post Share on other sites More sharing options...
Dakeyras Posted September 21, 2009 ID:130765 Share Posted September 21, 2009 Hi. No you are not doing anything wrong, sometimes ComboFix will take quite some time if dealing with pernicious malware. In this instance it is sounding like another issue is a factor here also which is prudent to investigate.Leave ComboFix on the desktop but do not use it again unless I ask otherwise.OK we will try a different approach shall we as follows:Next:Please download exeHelper to your desktop.Double-click on exeHelper.com to run the fix.A black window should pop up, press any key to close once the fix is completed.Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).F-Secure Blacklight:Please download Blacklight from here to your desktop.orLink to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe and save it to your desktop from there.Go to Start-->Run, copy in the following text, and press Enter:"%userprofile%\desktop\fsbl.exe" /expertAccept the license agreement. Click > scan, wait for it to finish, then click CloseThere will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).Copy and paste the contents of this log into your next reply.Also post a new RSIT log please, thank you. Link to post Share on other sites More sharing options...
voight75 Posted September 21, 2009 Author ID:130779 Share Posted September 21, 2009 Dakeyras,Thank you for your continued patience. Ok, here we go. exeHelper log:exeHelper by Raktor - 09Build 20090919Run at 17:05:18 on 09/21/09Now searching...Checking for numerical processes...Checking for bad processes...Checking for bad files...Resetting filetype association for .exeResetting filetype association for .comResetting userinit and shell values...Resetting policies...--Finished--Blacklight log:09/21/09 17:10:53 [info]: BlackLight Engine 2.2.1092 initialized09/21/09 17:10:53 [info]: OS: 5.1 build 2600 (Service Pack 3)09/21/09 17:10:53 [Note]: 7019 409/21/09 17:10:53 [Note]: 7005 009/21/09 17:10:56 [Note]: 7006 009/21/09 17:10:56 [Note]: 7022 009/21/09 17:10:56 [Note]: 7011 183209/21/09 17:10:56 [Note]: 7035 009/21/09 17:10:56 [Note]: 7026 009/21/09 17:10:57 [Note]: 7026 009/21/09 17:10:57 [Note]: FSRAW library version 1.7.102409/21/09 17:15:19 [Note]: 7007 0RSIT log: (it only came up with one log this time (log.txt, no info.txt)Logfile of random's system information tool 1.06 (written by random/random)Run by Richard Lunan at 2009-09-21 17:16:02Microsoft Windows XP Professional Service Pack 3System drive C: has 83 GB (72%) free of 114 GBTotal RAM: 2039 MB (68% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:16:13 PM, on 9/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\lxdfcoms.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\thpsrv.exeC:\WINDOWS\system32\TPSMain.exeC:\WINDOWS\system32\TPSODDCtl.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Lexmark 6500 Series\lxdfmon.exeC:\Program Files\Lexmark 6500 Series\lxdfamon.exeC:\Program Files\Apoint2K\Apntex.exeC:\WINDOWS\system32\ThpSrv.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\TODDSrv.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\WINDOWS\system32\RAMASST.exeC:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Webroot\Washer\WasherSvc.exeC:\Program Files\iPod\bin\iPodService.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\WINDOWS\system32\notepad.exeC:\Documents and Settings\Richard Lunan\Desktop\RSIT.exeC:\Program Files\Trend Micro\HijackThis\Richard Lunan.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%sR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startupO4 - HKLM\..\Run: [ThpSrv] thpsrv /logonO4 - HKLM\..\Run: [000StTHK] 000StTHK.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exeO4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXEO4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hideO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeO4 - Global Startup: 00THotkey.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstartO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: McAfee Application Installer Cleanup (0141121251128546) (0141121251128546mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014112~1.EXE (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exeO23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exeO23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeO23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exeO23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exeO23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe--End of file - 13724 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\McDefragTask.jobC:\WINDOWS\tasks\McQcTask.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-27 458736][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204]"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208]"ThpSrv"=thpsrv /logon []"000StTHK"=000StTHK.exe []"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2006-04-24 315392]"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2006-04-24 110592]"TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-13 57344]"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]"NDSTray.exe"=NDSTray.exe []"TFncKy"=TFncKy.exe []"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152]"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976]"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-30 77824]"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-30 118784]"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]"LogMeIn GUI"=C:\Program Files\LogMeIn\LogMeInSystray.exe [2006-10-06 303864]"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]"lxdfmon.exe"=C:\Program Files\Lexmark 6500 Series\lxdfmon.exe [2007-06-11 455600]"lxdfamon"=C:\Program Files\Lexmark 6500 Series\lxdfamon.exe [2007-06-01 20480]"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smoothview] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] []C:\Documents and Settings\All Users\Start Menu\Programs\Startup00THotkey.exeLogitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeRAMASST.lnk - C:\WINDOWS\system32\RAMASST.exeC:\Documents and Settings\Richard Lunan\Start Menu\Programs\StartupDesktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\system32\igfxdev.dll [2006-06-30 139264][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]C:\WINDOWS\system32\LMIinit.dll [2006-10-06 11504][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"authentication packages"=msv1_0C:\WINDOWS\system32\efcDWOGa[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]"DisableTaskMgr"=0[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme"DisableTaskMgr"=0[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"_NoDriveTypeAutoRun"=145"NoDriveAutoRun"=67108863"NoDriveTypeAutoRun"=323[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"="NoDriveAutoRun"="NoDriveTypeAutoRun"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98a6c8a4-9c6b-11db-8373-00038a000015}]shell\AutoRun\command - E:\DTE_Privacy_launcher.exe======File associations======.reg - open - regedit.exe %1======List of files/folders created in the last 1 months======2009-09-21 16:29:04 ----SD---- C:\Combo-Fix2009-09-21 16:29:00 ----A---- C:\WINDOWS\system32\CF26683.exe2009-09-21 13:04:33 ----D---- C:\rsit2009-09-21 12:33:46 ----D---- C:\_OTM2009-09-21 12:28:33 ----D---- C:\Program Files\ERUNT2009-09-21 12:09:04 ----SHD---- C:\Config.Msi2009-09-21 12:05:01 ----A---- C:\WINDOWS\msoffice.ini2009-09-18 18:42:19 ----A---- C:\WINDOWS\system32\CF22120.exe2009-09-18 17:13:29 ----A---- C:\WINDOWS\system32\CF12624.exe2009-09-18 17:11:52 ----A---- C:\WINDOWS\system32\CF28307.exe2009-09-18 16:21:20 ----A---- C:\Boot.bak2009-09-18 16:21:10 ----RASHD---- C:\cmdcons2009-09-18 16:16:59 ----A---- C:\WINDOWS\zip.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWXCACLS.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWSC.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWREG.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\sed.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\PEV.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\NIRCMD.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\grep.exe2009-09-18 16:16:23 ----D---- C:\WINDOWS\ERDNT2009-09-18 16:16:16 ----A---- C:\WINDOWS\system32\CF10636.exe2009-09-18 16:15:40 ----D---- C:\Qoobox2009-09-18 15:37:46 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt2009-09-17 11:27:59 ----D---- C:\Program Files\Trend Micro2009-09-17 11:01:34 ----D---- C:\Program Files\Enigma Software Group2009-09-16 22:23:58 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Malwarebytes2009-09-16 22:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes2009-09-16 22:23:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2009-09-16 18:55:41 ----A---- C:\WINDOWS\wininit.ini2009-09-16 18:31:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 18:28:57 ----AD---- C:\WINDOWS\system32\images2009-09-16 18:16:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP2009-09-09 15:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$2009-09-09 15:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$2009-09-09 15:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$2009-08-27 10:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$======List of files/folders modified in the last 1 months======2009-09-21 17:16:04 ----D---- C:\WINDOWS\Temp2009-09-21 16:32:14 ----D---- C:\WINDOWS\system32\CatRoot22009-09-21 16:30:06 ----A---- C:\WINDOWS\SchedLgU.Txt2009-09-21 16:29:37 ----D---- C:\WINDOWS\Prefetch2009-09-21 16:29:09 ----D---- C:\WINDOWS\system322009-09-21 16:27:17 ----D---- C:\WINDOWS\Registration2009-09-21 16:27:01 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt2009-09-21 16:27:01 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt2009-09-21 16:23:49 ----D---- C:\WINDOWS2009-09-21 14:18:16 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Skype2009-09-21 12:28:33 ----D---- C:\Program Files2009-09-21 12:13:19 ----D---- C:\Program Files\Common Files2009-09-21 12:13:18 ----D---- C:\Program Files\Pure Networks2009-09-21 12:13:18 ----D---- C:\Program Files\Common Files\AOL2009-09-21 12:11:48 ----SHD---- C:\WINDOWS\Installer2009-09-21 12:11:35 ----SD---- C:\WINDOWS\Tasks2009-09-21 12:11:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft2009-09-21 12:11:35 ----HD---- C:\WINDOWS\inf2009-09-21 12:10:20 ----D---- C:\WINDOWS\system32\drivers2009-09-21 12:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\AOL2009-09-21 12:05:34 ----A---- C:\WINDOWS\win.ini2009-09-21 12:05:17 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\AOL2009-09-21 11:58:28 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\skypePM2009-09-18 16:21:21 ----RASH---- C:\boot.ini2009-09-16 22:38:55 ----D---- C:\Program Files\DIGStream2009-09-16 20:02:34 ----SD---- C:\WINDOWS\Downloaded Program Files2009-09-16 19:34:18 ----D---- C:\Program Files\Internet Explorer2009-09-12 17:56:32 ----D---- C:\WINDOWS\network diagnostic2009-09-09 15:02:07 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-09-09 15:02:03 ----A---- C:\WINDOWS\imsins.BAK2009-09-09 15:01:58 ----HD---- C:\WINDOWS\$hf_mig$2009-09-09 15:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2009-09-09 15:00:59 ----D---- C:\WINDOWS\ehome2009-09-08 09:29:13 ----D---- C:\WINDOWS\Microsoft.NET2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe2009-08-24 10:42:14 ----D---- C:\Program Files\McAfee======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-22 21275]R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-18 8552]R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys []R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-30 1169980]R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2006-10-06 8048]R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264]S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-03-21 179200]S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-13 22528]S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568]R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]R2 lxdf_device;lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [2007-05-29 598960]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128]R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]R3 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]S2 0141121251128546mcinstcleanup;McAfee Application Installer Cleanup (0141121251128546); C:\WINDOWS\TEMP\014112~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]S2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248]S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]S2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe [2006-10-06 62200]S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\LogMeIn.exe [2006-10-06 1622768]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF----------------- Link to post Share on other sites More sharing options...
Dakeyras Posted September 21, 2009 ID:130800 Share Posted September 21, 2009 Hi. Thank you for your continued patience. Ok, here we go.You're welcome!Before we start:Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to backup any personal files and folders before you start. Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please navigate to Start >> All Programs >> ERUNT >> ERUNTClick on OK within the pop-up menu.In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:System registryCurrent user registryNext click on OKWhen the Question pop-up appears click on YesAfter a short duration the Registry backup is complete! popup will appearNow click on OK. A backup has been created.Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.Next:Download a fresh copy of ComboFix, do not use it yet!Next:Now I will be asking you to boot into Safe Mode for the next part of the fix. It may prove beneficial if you print of the following instructions or save them to notepad as you will not have Internet access whilst in the aforementioned safe mode.How to boot into Safe Mode:Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode, do so.If any problems refer to this tutorial.In safe mode carry out the following:Check your McAfee SecurityCenter is not active and then double click on ComboFix and follow the prompts.If your computer is not rebooted back into normal mode please do so now.When completed the above, please post back the following in the order asked for:How is you computer performing now, any other symptoms and or problems encountered?ComboFix Log. <-- It will be loacated here:- C:\combofix.txtA new HijackThis Log. Link to post Share on other sites More sharing options...
voight75 Posted September 22, 2009 Author ID:130853 Share Posted September 22, 2009 Dakeyras,Ok, here we go. Computer seems to be the same. Still getting some hijacked search results. Also, my external volume control switch has stpped working, and some of my favorites "targets" have disappeared.Here is the combofix log:ComboFix 09-09-20.04 - Richard Lunan 09/21/2009 18:18.1.2 - NTFSx86 MINIMALMicrosoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1759 [GMT -5:00]Running from: c:\documents and settings\Richard Lunan\Desktop\Combo-Fix.exeAV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\kb913800.exec:\windows\run.logc:\windows\system32\imagesc:\windows\system32\images\i1.gifc:\windows\system32\images\i2.gifc:\windows\system32\images\i3.gifc:\windows\system32\images\j1.gifc:\windows\system32\images\j2.gifc:\windows\system32\images\j3.gifc:\windows\system32\images\jj1.gifc:\windows\system32\images\jj2.gifc:\windows\system32\images\jj3.gifc:\windows\system32\images\l1.gifc:\windows\system32\images\l2.gifc:\windows\system32\images\l3.gifc:\windows\system32\images\pix.gifc:\windows\system32\images\t1.gifc:\windows\system32\images\t2.gifc:\windows\system32\images\up1.gifc:\windows\system32\images\up2.gifc:\windows\system32\images\w1.gifc:\windows\system32\images\w11.gifc:\windows\system32\images\w2.gifc:\windows\system32\images\w3.gifc:\windows\system32\images\w3.jpgc:\windows\system32\images\wt1.gifc:\windows\system32\images\wt2.gifc:\windows\system32\images\wt3.gifc:\windows\wiaserviv.log.((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 ))))))))))))))))))))))))))))))).2009-09-21 18:04 . 2009-09-21 18:04 -------- d-----w- C:\rsit2009-09-21 17:33 . 2009-09-21 17:33 -------- d-----w- C:\_OTM2009-09-21 17:28 . 2009-09-21 17:28 -------- d-----w- c:\program files\ERUNT2009-09-17 16:27 . 2009-09-17 16:27 -------- d-----w- c:\program files\Trend Micro2009-09-17 16:01 . 2009-09-17 16:01 -------- d-----w- c:\program files\Enigma Software Group2009-09-17 03:23 . 2009-09-17 03:23 -------- d-----w- c:\documents and settings\Richard Lunan\Application Data\Malwarebytes2009-09-17 03:23 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-09-17 03:23 . 2009-09-17 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2009-09-17 03:23 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-09-17 03:23 . 2009-09-17 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2009-09-17 00:34 . 2009-09-17 00:33 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys2009-09-17 00:33 . 2009-09-17 00:43 -------- d-----w- c:\documents and settings\Richard Lunan\.housecall6.62009-09-17 00:11 . 2009-09-17 00:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore2009-09-16 23:31 . 2009-09-17 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 23:16 . 2009-09-21 17:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2009-09-09 13:46 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 68856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ThpSrv"="thpsrv" [X]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-30 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-30 118784]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]"LogMeIn GUI"="c:\program files\LogMeIn\LogMeInSystray.exe" [2006-10-07 303864]"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-12-13 88204]"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-04-25 315392]"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2006-04-25 110592]"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]"NDSTray.exe"="NDSTray.exe" [bU]"TFncKy"="TFncKy.exe" [bU][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]c:\documents and settings\Richard Lunan\Start Menu\Programs\Startup\Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-9-7 1114217]c:\documents and settings\All Users\Start Menu\Programs\Startup\00THotkey.exe [2006-7-5 258048]Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-7-20 67128]RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-18 155648][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]2006-10-07 00:56 11504 ------w- c:\windows\system32\LMIinit.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTrayHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PingerHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime TaskHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smoothviewHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swgHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R2 0141121251128546mcinstcleanup;McAfee Application Installer Cleanup (0141121251128546);c:\windows\TEMP\014112~1.EXE [x]R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248]S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2004-12-28 16384]S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2004-11-13 6144]S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-06 13568]S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-06 33024]S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\RaInfo.sys [2006-10-07 11120]S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [2007-05-29 598960]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]S2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2006-05-06 3456]S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2006-06-28 98816]S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP.Contents of the 'Scheduled Tasks' folder2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 17:34]2007-01-20 c:\windows\Tasks\McDefragTask.job- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-20 15:53]2007-01-20 c:\windows\Tasks\McQcTask.job- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-20 15:53]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8mWindow Title = Windows Internet Explorer provided by ComcastuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000.- - - - ORPHANS REMOVED - - - -HKLM-Run-000StTHK - 000StTHK.exeMSConfigStartUp-CTFMON - (no file)**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-09-21 18:49Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(676)c:\windows\system32\WININET.dllc:\windows\system32\LMIinit.dllc:\windows\system32\psqlpwd.dllc:\program files\Protector Suite QL\infra.dllc:\program files\Protector Suite QL\homefus2.dllc:\windows\system32\biologon.dllc:\program files\Protector Suite QL\homepass.dllc:\program files\Protector Suite QL\bio.dllc:\program files\Protector Suite QL\remote.dllc:\program files\Protector Suite QL\crypto.dllc:\program files\McAfee\SiteAdvisor\saHook.dllc:\program files\Protector Suite QL\mysafe.dll- - - - - - - > 'lsass.exe'(736)c:\windows\system32\WININET.dll- - - - - - - > 'explorer.exe'(440)c:\windows\system32\WININET.dlltdlwsp.dll 10000000 36864 \\?\globalroot\Device\Ide\IdePort1\vmksljia\vmksljia\tdlwsp.dllc:\program files\McAfee\SiteAdvisor\saHook.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Protector Suite QL\mysafe.dllc:\program files\Protector Suite QL\infra.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\TPwrCfg.DLLc:\windows\system32\TPwrReg.dllc:\windows\system32\TPSTrace.DLL.------------------------ Other Running Processes ------------------------.c:\program files\Intel\Wireless\Bin\EvtEng.exec:\program files\Intel\Wireless\Bin\S24EvMon.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Toshiba\ConfigFree\CFSvcs.exec:\windows\system32\DVDRAMSV.exec:\windows\ehome\ehrecvr.exec:\windows\ehome\ehSched.exec:\progra~1\McAfee\MSC\mcmscsvc.exec:\program files\Common Files\McAfee\MNA\McNASvc.exec:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exec:\progra~1\McAfee\VIRUSS~1\Mcshield.exec:\program files\McAfee\MSK\msksrver.exec:\program files\Intel\Wireless\Bin\RegSrvc.exec:\progra~1\McAfee.com\Agent\mcagent.exec:\toshiba\IVP\swupdate\swupdtmr.exec:\windows\system32\ThpSrv.exec:\windows\system32\TODDSrv.exec:\windows\ehome\mcrdsvc.exec:\windows\system32\dllhost.exec:\windows\system32\wscntfy.exec:\windows\system32\ThpSrv.exec:\program files\Toshiba\ConfigFree\NDSTray.exec:\program files\Protector Suite QL\psqltray.exec:\windows\system32\TPSBattM.exec:\program files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exec:\program files\Apoint2K\ApntEx.exec:\documents and settings\All Users\Start Menu\Programs\Startup\00THotkey.exec:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exec:\program files\iPod\bin\iPodService.exec:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exec:\program files\McAfee\MPF\MpfSrv.exec:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exec:\program files\Internet Explorer\iexplore.exec:\program files\Internet Explorer\iexplore.exe.**************************************************************************.Completion time: 2009-09-21 19:00 - machine was rebootedComboFix-quarantined-files.txt 2009-09-22 00:00Pre-Run: 88,997,949,440 bytes freePost-Run: 86,746,365,952 bytes free252 --- E O F --- 2009-09-14 14:05Here is the Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:06:57 PM, on 9/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\lxdfcoms.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exec:\PROGRA~1\mcafee.com\agent\mcagent.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\WINDOWS\system32\ThpSrv.exeC:\WINDOWS\system32\TODDSrv.exeC:\Program Files\Webroot\Washer\WasherSvc.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\thpsrv.exeC:\WINDOWS\system32\TPSMain.exeC:\WINDOWS\system32\TPSODDCtl.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exeC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\Lexmark 6500 Series\lxdfmon.exeC:\Program Files\Lexmark 6500 Series\lxdfamon.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Webroot\Washer\wwDisp.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\WINDOWS\system32\RAMASST.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%sR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startupO4 - HKLM\..\Run: [ThpSrv] thpsrv /logonO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exeO4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXEO4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hideO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeO4 - Global Startup: 00THotkey.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstartO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: McAfee Application Installer Cleanup (0141121251128546) (0141121251128546mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014112~1.EXE (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exeO23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exeO23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeO23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exeO23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exeO23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe--End of file - 13469 bytes Link to post Share on other sites More sharing options...
Dakeyras Posted September 22, 2009 ID:131042 Share Posted September 22, 2009 Hi. Also, my external volume control switch has stpped workingCould you elaborate upon this please, do you mean on the actual speakers or a switch that is physically connected to the computer and or the system tray volume control?and some of my favorites "targets" have disappeared.Most unfortunate, they may reappear but slim. Very likely they were compromised in some way.Unfortunately it appears your machine is more badly infected that has been apparent so far. As mentioned in my prior post be prepared in-case I have to ultimately advise a re-format and re-install of your operating system.OK your installed Protector Suite may be hindering the malware removal process also, so it might have to be removed.Malwarebytes Anti-Malware: Launch the application, Check for Updates >> Perform a Quick ScanWhen the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. please copy and paste the log into your next reply.Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. <-- See Extra Note.Extra Note: Failure to reboot will prevent MBAM from removing all the malware, please ensure this is done as quickly as possible if prompted to do so. As this will prevent the malware from re-spawning.Next:Please run another scan with GMER as outlined hereNext:Please download the Win32kDiag.exe tool from here and save it to your desktop: Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt. Double-click on this file and post the contents as a reply to this topic.When completed the above, please post back the following:How is you computer performing now? Any problems encountered and or any further symptoms?Malwarebytes Anti-Malware Log.A new Gmer Log.The contents of Win32kDiag.txt.A new RSIT Log. <-- Only one will be produced and this is all I need. Link to post Share on other sites More sharing options...
voight75 Posted September 22, 2009 Author ID:131089 Share Posted September 22, 2009 Dakeyras,Ok, I was a little hasty with the volume control issue and the favorites targets. Both are now restored to normal (the volume control issue was that the switch on the side of the computer that I use to control the volume was not working, it had to be done through the sound manager,but all is working now.)Ok here goes:My computer is the same. Hijacked search results in IE and a little less slow on boot up. Apart from that, nothing new or worse. Every time I run MBAM the same thing happens. It finds 2 rootkit files, which despite removal attempts, are always there after reboot.MBAM log:Malwarebytes' Anti-Malware 1.41Database version: 2842Windows 5.1.2600 Service Pack 39/22/2009 7:31:46 AMmbam-log-2009-09-22 (07-31-46).txtScan type: Quick ScanObjects scanned: 111360Win32Diag:Running from: C:\Documents and Settings\Richard Lunan\Desktop\Win32kDiag.exeLog file at : C:\Documents and Settings\Richard Lunan\Desktop\Win32kDiag.txtWARNING: Could not get backup privileges!Searching 'C:\WINDOWS'...Finished!RSIT:Logfile of random's system information tool 1.06 (written by random/random)Run by Richard Lunan at 2009-09-22 07:53:39Microsoft Windows XP Professional Service Pack 3System drive C: has 83 GB (72%) free of 114 GBTotal RAM: 2039 MB (67% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:53:41 AM, on 9/22/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\lxdfcoms.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\WINDOWS\system32\ThpSrv.exeC:\WINDOWS\system32\TODDSrv.exeC:\Program Files\Webroot\Washer\WasherSvc.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\thpsrv.exeC:\WINDOWS\system32\TPSODDCtl.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\Program Files\Protector Suite QL\psqltray.exeC:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\TPSBattM.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\LogMeIn\LogMeInSystray.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Lexmark 6500 Series\lxdfmon.exeC:\Program Files\Lexmark 6500 Series\lxdfamon.exeC:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Logitech\QuickCam10\QuickCam10.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\00THotkey.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\WINDOWS\system32\RAMASST.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exeC:\Program Files\internet explorer\iexplore.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\WINDOWS\system32\msiexec.exeC:\WINDOWS\explorer.exeC:\Documents and Settings\Richard Lunan\Desktop\RSIT.exeC:\Program Files\Trend Micro\HijackThis\Richard Lunan.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%sR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startupO4 - HKLM\..\Run: [ThpSrv] thpsrv /logonO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exeO4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXEO4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeO4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hideO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Global Startup: 00THotkey.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstartO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: McAfee Application Installer Cleanup (0141121251128546) (0141121251128546mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\014112~1.EXE (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exeO23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exeO23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exeO23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exeO23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exeO23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exeO23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe--End of file - 13712 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\McDefragTask.jobC:\WINDOWS\tasks\McQcTask.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-27 458736][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-27 256112][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204]"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208]"ThpSrv"=thpsrv /logon []"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2006-04-24 315392]"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2006-04-24 110592]"TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-13 57344]"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]"NDSTray.exe"=NDSTray.exe []"TFncKy"=TFncKy.exe []"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152]"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976]"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-30 77824]"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-30 118784]"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]"LogMeIn GUI"=C:\Program Files\LogMeIn\LogMeInSystray.exe [2006-10-06 303864]"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]"lxdfmon.exe"=C:\Program Files\Lexmark 6500 Series\lxdfmon.exe [2007-06-11 455600]"lxdfamon"=C:\Program Files\Lexmark 6500 Series\lxdfamon.exe [2007-06-01 20480]"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]C:\Documents and Settings\All Users\Start Menu\Programs\Startup00THotkey.exeLogitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeRAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\system32\igfxdev.dll [2006-06-30 139264][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]C:\WINDOWS\system32\LMIinit.dll [2006-10-06 11504][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"_NoDriveTypeAutoRun"=145"NoDriveAutoRun"=67108863"NoDriveTypeAutoRun"=323"NoDrives"=0[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"="NoDriveAutoRun"="NoDriveTypeAutoRun"="NoDrives"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"======List of files/folders created in the last 1 months======2009-09-21 19:08:34 ----SHD---- C:\RECYCLER2009-09-21 19:01:00 ----A---- C:\ComboFix.txt2009-09-21 18:06:47 ----A---- C:\WINDOWS\ntbtlog.txt2009-09-21 13:04:33 ----D---- C:\rsit2009-09-21 12:33:46 ----D---- C:\_OTM2009-09-21 12:28:33 ----D---- C:\Program Files\ERUNT2009-09-21 12:05:01 ----A---- C:\WINDOWS\msoffice.ini2009-09-18 16:21:20 ----A---- C:\Boot.bak2009-09-18 16:21:10 ----RASHD---- C:\cmdcons2009-09-18 16:16:59 ----A---- C:\WINDOWS\zip.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWXCACLS.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWSC.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\SWREG.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\sed.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\PEV.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\NIRCMD.exe2009-09-18 16:16:59 ----A---- C:\WINDOWS\grep.exe2009-09-18 16:16:23 ----D---- C:\WINDOWS\ERDNT2009-09-18 16:15:40 ----D---- C:\Qoobox2009-09-18 15:37:46 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt2009-09-17 11:27:59 ----D---- C:\Program Files\Trend Micro2009-09-17 11:01:34 ----D---- C:\Program Files\Enigma Software Group2009-09-16 22:23:58 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Malwarebytes2009-09-16 22:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes2009-09-16 22:23:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2009-09-16 18:55:41 ----A---- C:\WINDOWS\wininit.ini2009-09-16 18:31:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2009-09-16 18:16:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP2009-09-09 15:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$2009-09-09 15:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$2009-09-09 15:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$2009-08-27 10:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$======List of files/folders modified in the last 1 months======2009-09-22 07:53:40 ----D---- C:\WINDOWS\Temp2009-09-22 07:52:44 ----D---- C:\WINDOWS\Prefetch2009-09-22 07:46:13 ----SHD---- C:\WINDOWS\Installer2009-09-22 07:45:59 ----D---- C:\WINDOWS\system32\CatRoot22009-09-22 07:45:53 ----HD---- C:\WINDOWS\inf2009-09-22 07:45:41 ----D---- C:\Program Files2009-09-22 07:45:40 ----D---- C:\Program Files\Common Files\Research In Motion2009-09-22 07:41:06 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt2009-09-22 07:40:11 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt2009-09-22 07:33:49 ----D---- C:\WINDOWS2009-09-22 07:32:29 ----A---- C:\WINDOWS\SchedLgU.Txt2009-09-21 19:24:43 ----D---- C:\WINDOWS\Registration2009-09-21 19:20:09 ----D---- C:\WINDOWS\system32\CatRoot2009-09-21 19:19:36 ----D---- C:\WINDOWS\system32\drivers2009-09-21 19:01:13 ----D---- C:\WINDOWS\system322009-09-21 18:52:35 ----A---- C:\WINDOWS\system.ini2009-09-21 18:41:22 ----D---- C:\WINDOWS\system32\config2009-09-21 18:30:50 ----D---- C:\WINDOWS\AppPatch2009-09-21 18:30:47 ----D---- C:\Program Files\Common Files2009-09-21 14:18:16 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\Skype2009-09-21 12:13:18 ----D---- C:\Program Files\Pure Networks2009-09-21 12:13:18 ----D---- C:\Program Files\Common Files\AOL2009-09-21 12:11:35 ----SD---- C:\WINDOWS\Tasks2009-09-21 12:11:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft2009-09-21 12:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\AOL2009-09-21 12:05:34 ----A---- C:\WINDOWS\win.ini2009-09-21 12:05:17 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\AOL2009-09-21 11:58:28 ----D---- C:\Documents and Settings\Richard Lunan\Application Data\skypePM2009-09-18 16:21:21 ----RASH---- C:\boot.ini2009-09-16 22:38:55 ----D---- C:\Program Files\DIGStream2009-09-16 20:02:34 ----SD---- C:\WINDOWS\Downloaded Program Files2009-09-16 19:34:18 ----D---- C:\Program Files\Internet Explorer2009-09-12 17:56:32 ----D---- C:\WINDOWS\network diagnostic2009-09-09 15:02:07 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-09-09 15:02:03 ----A---- C:\WINDOWS\imsins.BAK2009-09-09 15:01:58 ----HD---- C:\WINDOWS\$hf_mig$2009-09-09 15:01:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2009-09-09 15:00:59 ----D---- C:\WINDOWS\ehome2009-09-08 09:29:13 ----D---- C:\WINDOWS\Microsoft.NET2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe2009-08-24 10:42:14 ----D---- C:\Program Files\McAfee======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-22 21275]R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-18 8552]R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys []R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-30 1169980]R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2006-10-06 8048]R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264]S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-03-21 179200]S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys []S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 uxldrpob;uxldrpob; \??\C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\uxldrpob.sys []S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568]R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]R2 lxdf_device;lxdf_device; C:\WINDOWS\system32\lxdfcoms.exe [2007-05-29 598960]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128]R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]R3 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]S2 0141121251128546mcinstcleanup;McAfee Application Installer Cleanup (0141121251128546); C:\WINDOWS\TEMP\014112~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [2007-05-29 99248]S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe [2006-10-06 62200]S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\LogMeIn.exe [2006-10-06 1622768]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF-----------------Time elapsed: 6 minute(s), 47 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:\\?\globalroot\Device\Ide\IdePort1\mqpikbfn\mqpikbfn\tdlwsp.dll (Rootkit.TDSS) -> Delete on reboot.Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:\\?\globalroot\Device\Ide\IdePort1\mqpikbfn\mqpikbfn\tdlwsp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.GMER log:GMER 1.0.15.15087 - http://www.gmer.netRootkit scan 2009-09-22 07:49:42Windows 5.1.2600 Service Pack 3Running: c6dkf72x.exe; Driver: C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\uxldrpob.sys---- System - GMER 1.0.15 ----Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA92134EA]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA9213581]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9213498]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA92134AC]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA9213595]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA92135C1]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA921362F]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA9213619]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA921352A]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA921365B]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA921356D]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA9213470]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA9213484]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA92134FE]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA9213697]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA9213603]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA92135ED]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA92135AB]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA9213683]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA921366F]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA92134D6]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA92134C2]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA92135D7]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9213559]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA9213645]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9213540]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA9213514]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFileCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSectionCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcessCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThreadCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess---- Devices - GMER 1.0.15 ----AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)AttachedDevice \FileSystem\Ntfs \Ntfs FdRedir.sys (File Disk Redirector/UPEK Inc.)AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)---- Processes - GMER 1.0.15 ----Library \\?\globalroot\Device\Ide\IdePort1\rrdnnoix\rrdnnoix\tdlwsp.dll (*** hidden *** ) @ C:\Program Files\internet explorer\iexplore.exe [2284] 0x10000000 Library \\?\globalroot\Device\Ide\IdePort1\rrdnnoix\rrdnnoix\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [3020] 0x10000000 Library \\?\globalroot\Device\Ide\IdePort1\rrdnnoix\rrdnnoix\tdlwsp.dll (*** hidden *** ) @ C:\Program Files\internet explorer\iexplore.exe [4124] 0x10000000 Library \\?\globalroot\Device\Ide\IdePort1\rrdnnoix\rrdnnoix\tdlwsp.dll (*** hidden *** ) @ C:\Program Files\internet explorer\iexplore.exe [5016] 0x10000000 ---- EOF - GMER 1.0.15 ---- Link to post Share on other sites More sharing options...
voight75 Posted September 22, 2009 Author ID:131090 Share Posted September 22, 2009 Here is the full MBAM log, apologies, it appeared to not paste properly above.Malwarebytes' Anti-Malware 1.41Database version: 2842Windows 5.1.2600 Service Pack 39/22/2009 7:31:46 AMmbam-log-2009-09-22 (07-31-46).txtScan type: Quick ScanObjects scanned: 111360Time elapsed: 6 minute(s), 47 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:\\?\globalroot\Device\Ide\IdePort1\mqpikbfn\mqpikbfn\tdlwsp.dll (Rootkit.TDSS) -> Delete on reboot.Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:\\?\globalroot\Device\Ide\IdePort1\mqpikbfn\mqpikbfn\tdlwsp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
Dakeyras Posted September 22, 2009 ID:131114 Share Posted September 22, 2009 Hi. OK I need you to run a file search for myself to see if any other versions on-board that can be used to replace the corrupted one being used as a launch point for this pernicious malware as follows:Run a File Search:Press Start->Run, copy/paste the following command into the box and press OK:cmd /c dir C:\*.* /L /A /B /S|Find "iexplore.exe" >> "%userprofile%\desktop\look.txt"A blank command window will open on your desktop, then close in a minute or two. This is normal. A file called look.txt should appear on your Desktop. Please post the contents of this file.Next:Now use this command to carry out another search:cmd /c dir C:\*.* /L /A /B /S|Find "tdlwsp.dll" >> "%userprofile%\desktop\look.txt"Another file called look.txt should appear on your Desktop. Please post the contents of this file(if anything in it). Link to post Share on other sites More sharing options...
voight75 Posted September 22, 2009 Author ID:131144 Share Posted September 22, 2009 Dakeyras,Ok, I carried out both searches. The second one did not yield a look.txt file. I have posted the look.txt from the first file search below.c:\program files\internet explorer\iexplore.exec:\program files\internet explorer\iexplore.exe.muic:\program files\internet explorer\en-us\iexplore.exe.muic:\windows\$hf_mig$\kb931768-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb933566-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb937143-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb939653-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb942615-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb944533-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb947864-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb950759-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb953838-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb956390-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb958215-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb961260-ie7\sp2qfe\iexplore.exec:\windows\$hf_mig$\kb963027-ie7\sp3qfe\iexplore.exec:\windows\$hf_mig$\kb969897-ie7\sp3qfe\iexplore.exec:\windows\ie7\iexplore.exec:\windows\ie7updates\kb928090-ie7\iexplore.exec:\windows\ie7updates\kb931768-ie7\iexplore.exec:\windows\ie7updates\kb933566-ie7\iexplore.exec:\windows\ie7updates\kb937143-ie7\iexplore.exec:\windows\ie7updates\kb939653-ie7\iexplore.exec:\windows\ie7updates\kb942615-ie7\iexplore.exec:\windows\ie7updates\kb944533-ie7\iexplore.exec:\windows\ie7updates\kb947864-ie7\iexplore.exec:\windows\ie7updates\kb950759-ie7\iexplore.exec:\windows\ie7updates\kb953838-ie7\iexplore.exec:\windows\ie7updates\kb956390-ie7\iexplore.exec:\windows\ie7updates\kb958215-ie7\iexplore.exec:\windows\ie7updates\kb961260-ie7\iexplore.exec:\windows\ie7updates\kb963027-ie7\iexplore.exec:\windows\ie7updates\kb969897-ie7\iexplore.exec:\windows\ie8\iexplore.exec:\windows\ie8\iexplore.exe.muic:\windows\prefetch\iexplore.exe-27122324.pfc:\windows\servicepackfiles\i386\iexplore.exec:\windows\system32\dllcache\iexplore.exe Link to post Share on other sites More sharing options...
Recommended Posts