Hi, folks. Thanks for helping me out! I have the (apparently epidemic) problem of a voice popping up out of nowhere and announcing "Congratulations! You Won" or "Congratulations! You've Won!" Other times I get a variation on that message, and still other times I just get a burst of rock music. When this happens, Task Manager shows iexplore (often several instances) in processes, even though I never, ever, never use Internet Explorer as my browser.

I've run Malwarebytes, Avast!, TrojanHunter, and Avira, which eliminated some threats but did not resolve this problem. Sometimes they find something in my Temp directory, but that appears to be an artifact of the malware, not the source. I followed the sticky instruction and logs are posted/attached below, but the GMER Rootkit Scanner won't complete its scan: runs for a minute then says, "encountered an error and had to close."

Here are the Malwarebytes, HijackThis, Avira AV Scan, and DDS Text logs. I'm especially interested in the Internet Explorer registry entries in the HijackThis log: I can't think of any reason why IE should be firing up other than at the virus' request.

Malwarebytes:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4021

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/5/2010 5:44:07 AM

mbam-log-2010-05-05 (05-44-07).txt

Scan type: Quick scan

Objects scanned: 161844

Time elapsed: 35 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\SB\Local Settings\Temp\crack (RiskTool.P2P.H) -> No action taken.

Files Infected:

(No malicious items detected)

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:29:54 AM, on 5/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\TrojanHunter 5.3\THGuard.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\vmnat.exe

C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\SB\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: in the first column followed by the corresponding host name.

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=051910 serial=WS12WTX-9999998-UYR lang=EN

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"

O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.3\THGuard.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: Seesmic Desktop.lnk = C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1243487986373

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client/T26...ort/ieatgpc.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Update Service (gupdate1c9e0af5194ce18) (gupdate1c9e0af5194ce18) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Media Center 14 Service - J. River, Inc. - C:\Program Files\J River\Media Center 14\JRService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Zimbra Desktop Service - Unknown owner - C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

--

End of file - 14631 bytes

AV Scan:

Avira AntiVir Personal

Report file date: Wednesday, May 05, 2010 05:56

Scanning for 2073955 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SB

Computer name : SBTOSHIBA

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 12:54:41

VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 12:54:41

VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 12:54:41

VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 12:54:41

VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 12:54:42

VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 12:54:42

VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 12:54:42

VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 12:54:42

VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 12:54:42

VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 12:54:44

VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 12:54:46

VBASE016.VDF : 7.10.6.178 122880 Bytes 4/22/2010 12:54:48

VBASE017.VDF : 7.10.6.206 120320 Bytes 4/26/2010 12:54:51

VBASE018.VDF : 7.10.6.232 99328 Bytes 4/28/2010 12:54:52

VBASE019.VDF : 7.10.7.2 155648 Bytes 4/30/2010 12:54:54

VBASE020.VDF : 7.10.7.26 119808 Bytes 5/4/2010 12:54:56

VBASE021.VDF : 7.10.7.27 2048 Bytes 5/4/2010 12:54:56

VBASE022.VDF : 7.10.7.28 2048 Bytes 5/4/2010 12:54:57

VBASE023.VDF : 7.10.7.29 2048 Bytes 5/4/2010 12:54:57

VBASE024.VDF : 7.10.7.30 2048 Bytes 5/4/2010 12:54:57

VBASE025.VDF : 7.10.7.31 2048 Bytes 5/4/2010 12:54:57

VBASE026.VDF : 7.10.7.32 2048 Bytes 5/4/2010 12:54:57

VBASE027.VDF : 7.10.7.33 2048 Bytes 5/4/2010 12:54:58

VBASE028.VDF : 7.10.7.34 2048 Bytes 5/4/2010 12:54:58

VBASE029.VDF : 7.10.7.35 2048 Bytes 5/4/2010 12:54:58

VBASE030.VDF : 7.10.7.36 2048 Bytes 5/4/2010 12:54:58

VBASE031.VDF : 7.10.7.44 82432 Bytes 5/5/2010 12:54:59

Engineversion : 8.2.1.236

AEVDF.DLL : 8.1.2.0 106868 Bytes 5/5/2010 12:55:36

AESCRIPT.DLL : 8.1.3.28 1298810 Bytes 5/5/2010 12:55:35

AESCN.DLL : 8.1.5.0 127347 Bytes 2/26/2010 02:38:41

AESBX.DLL : 8.1.3.1 254324 Bytes 5/5/2010 12:55:37

AERDL.DLL : 8.1.4.6 541043 Bytes 5/5/2010 12:55:30

AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 20:34:51

AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 19:09:46

AEHEUR.DLL : 8.1.1.27 2670967 Bytes 5/5/2010 12:55:27

AEHELP.DLL : 8.1.11.3 242039 Bytes 4/2/2010 00:05:25

AEGEN.DLL : 8.1.3.7 373106 Bytes 5/5/2010 12:55:09

AEEMU.DLL : 8.1.2.0 393588 Bytes 5/5/2010 12:55:06

AECORE.DLL : 8.1.15.1 192886 Bytes 5/5/2010 12:55:04

AEBB.DLL : 8.1.1.0 53618 Bytes 5/5/2010 12:55:03

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

Configuration settings for the scan:

Jobname.............................: Short system scan after installation

Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Wednesday, May 05, 2010 05:56

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avnotify.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avconfig.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avshadow.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'setup.exe' - '1' Module(s) have been scanned

Scan process 'msiexec.exe' - '1' Module(s) have been scanned

Scan process 'presetup.exe' - '1' Module(s) have been scanned

Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'msdtc.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned

Scan process 'HiJackThis.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'ivpsvmgr.exe' - '1' Module(s) have been scanned

Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned

Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned

Scan process 'zdesktop.exe' - '1' Module(s) have been scanned

Scan process 'vmnat.exe' - '1' Module(s) have been scanned

Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned

Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'ReflectService.exe' - '1' Module(s) have been scanned

Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned

Scan process 'FolderSizeSvc.exe' - '1' Module(s) have been scanned

Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'Seesmic Desktop.exe' - '1' Module(s) have been scanned

Scan process 'soffice.bin' - '1' Module(s) have been scanned

Scan process 'soffice.exe' - '1' Module(s) have been scanned

Scan process 'RAMASST.exe' - '1' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned

Scan process 'btdna.exe' - '1' Module(s) have been scanned

Scan process 'toscdspd.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'RIMAutoUpdate.exe' - '1' Module(s) have been scanned

Scan process 'hqtray.exe' - '1' Module(s) have been scanned

Scan process 'ashDisp.exe' - '1' Module(s) have been scanned

Scan process 'ifrmewrk.exe' - '1' Module(s) have been scanned

Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned

Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned

Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned

Scan process 'SmoothView.exe' - '1' Module(s) have been scanned

Scan process 'TFncKy.exe' - '1' Module(s) have been scanned

Scan process 'TvsTray.exe' - '1' Module(s) have been scanned

Scan process 'Toshiba.exe' - '1' Module(s) have been scanned

Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned

Scan process 'thotkey.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'ashServ.exe' - '1' Module(s) have been scanned

Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).

The registry was scanned ( '546' files ).

End of the scan: Wednesday, May 05, 2010 05:57

Used time: 00:46 Minute(s)

The scan has been done completely.

0 Scanned directories

1058 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

1058 Files not concerned

3 Archives were scanned

0 Warnings

0 Notes

DDS Text:

DDS (Ver_10-03-17.01) - NTFSx86

Run by SB at 6:12:28.42 on Wed 05/05/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.754 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 100505-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\vmnat.exe

C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Documents and Settings\SB\Desktop\FIREFOX DOWNLOADS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/advanced_search?hl=en

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe"

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [TFncKy] TFncKy.exe

mRun: [TPSMain] TPSMain.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [WordPerfect Office 1215] c:\program files\wordperfect office 12\programs\Registration.exe /title="WordPerfect Office 12" /date=051910 serial=WS12WTX-9999998-UYR lang=EN

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [THGuard] "c:\program files\trojanhunter 5.3\THGuard.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\scottb~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\scottb~1\startm~1\programs\startup\seesmi~1.lnk - c:\program files\seesmic desktop\Seesmic Desktop.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Save with Download Manager... - file://c:\program files\j river\media center 11\DMDownload.htm

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll

LSP: c:\program files\vmware\vmware player\vsocklib.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243487986373

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://linksyssupport.webex.com/client/T26L10NSP49EP32-linksyssupport/support/ieatgpc.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scottb~1\applic~1\mozilla\firefox\profiles\m20ht13i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en

FF - component: c:\documents and settings\sb\application data\mozilla\firefox\profiles\m20ht13i.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\sb\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-27 114768]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-5 11608]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\winxp virtual cd drive\VCdRom.sys [2001-12-19 8576]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-5 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-5 267432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-27 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-27 138680]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-5 60936]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-3-17 220128]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-8-14 54960]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\sb\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-4-23 139264]

R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2009-5-28 12032]

R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2009-5-28 39552]

S2 gupdate1c9e0af5194ce18;Google Update Service (gupdate1c9e0af5194ce18);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-27 254040]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-27 352920]

S3 HPWPAUSB;Wireless Printer Adapter;c:\windows\system32\drivers\HPWPAUSB.sys [2009-5-28 18560]

S3 Media Center 14 Service;Media Center 14 Service;c:\program files\j river\media center 14\JRService.exe [2010-4-3 382464]

S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [2009-7-25 51200]

S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]

S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;\??\d:\scpndis5.sys --> d:\SCPNDIS5.SYS [?]

=============== Created Last 30 ================

2010-05-05 13:10:49 0 ----a-w- c:\documents and settings\sb\defogger_reenable

2010-05-05 12:51:37 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-05-05 12:51:36 0 d-----w- c:\program files\Avira

2010-05-05 12:51:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-05-04 21:49:35 0 d-----w- c:\program files\Trend Micro

2010-05-04 21:40:18 0 d-----w- C:\!KillBox

2010-05-04 18:07:46 0 d-----w- c:\program files\Citrix

2010-04-25 22:17:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-04-25 22:17:18 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-23 15:51:13 0 d-----w- c:\docume~1\scottb~1\applic~1\VMware Inc

2010-04-22 16:00:18 54156 ---ha-w- c:\windows\QTFont.qfn

2010-04-22 16:00:18 1409 ----a-w- c:\windows\QTFont.for

2010-04-22 13:51:35 0 d-----w- c:\program files\Macrium

2010-04-20 15:12:10 0 d-----w- c:\docume~1\scottb~1\applic~1\TrojanHunter

2010-04-19 20:24:47 0 d-----w- c:\docume~1\alluse~1\applic~1\TrojanHunter

2010-04-19 20:24:26 0 d-----w- c:\program files\TrojanHunter 5.3

2010-04-18 01:09:42 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-04-18 00:43:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-04-18 00:43:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-04-18 00:41:48 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2010-04-18 00:35:12 0 d-----w- c:\windows\ie8updates

2010-04-14 02:49:06 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-04-14 02:43:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-04-14 02:43:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-04-14 02:43:22 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-04-14 02:43:21 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-04-14 02:43:16 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-04-05 19:00:45 0 d-----w- c:\program files\R-Mail for Outlook

2010-04-05 19:00:45 0 d-----w- c:\docume~1\scottb~1\applic~1\R-Mail for Outlook

==================== Find3M ====================

2010-04-01 00:44:58 256 ----a-w- c:\documents and settings\sb\pool.bin

2010-03-30 18:51:55 372736 ------w- c:\windows\system32\MC14.exe

2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-17 16:51:48 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys

2010-03-17 16:51:40 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys

2010-03-15 06:02:37 26624 ----a-w- c:\windows\system32\winsocks.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-20 05:17:50 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

2009-06-25 22:28:06 56 --sh--r- c:\windows\system32\FDADBB125D.sys

============= FINISH: 6:13:38.01 ===============

Thanks again!!


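The DDS output above is long, and most of it is ordinary Toshiba, Intel, Google and antivirus entries. What a responder actually does with a log like this is apply a handful of triage rules before reading line by line: autostart entries that run from a user-writable profile or temp path, Run values that are bare file names (resolved through a PATH search at logon), services and drivers whose binary is missing or lives on another drive, orphaned "No File" toolbar or BHO registrations, and hidden/system-attributed files under the Windows tree. The script below is an added example written for this thread; it is not part of the original post and not the DDS tool's own code. The sample log is constructed in the layout of the posted output (several lines copied from it), the function names are mine, and the meaning of the DDS attribute column (s = system, h = hidden) is an assumption. Every hit is a review candidate, not a verdict: dds.scr itself gets flagged because it runs from the Desktop, and a hidden file under system32 is also how some licensing and copy-protection products store their data, so check the vendor signature or a hash lookup before removing anything.

```python
"""Triage helper for DDS-style logs (the format posted above).

Added example, not part of the original post or of the DDS tool. Every hit is
a review candidate, not a verdict; verify each one before removing anything.
"""
import re

# Constructed sample in the layout of the posted log (several lines copied from it).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\SB\Desktop\FIREFOX DOWNLOADS\dds.scr
============== Pseudo HJT Report ===============
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
============= SERVICES / DRIVERS ===============
R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\sb\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-4-23 139264]
S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]
==================== Find3M ====================
2010-03-17 16:51:48 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-02-20 05:17:50 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys
"""

SECTION_RE = re.compile(r'^=+\s*(.*?)\s*=+$')
AUTOSTART_RE = re.compile(r'^(uRun|mRun|uRunOnce|mRunOnce|StartupFolder):\s*(.*)$')
ADDON_RE = re.compile(r'^(BHO|TB|IE):\s*(.*)$')
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.*)$')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+([-a-z]{8})\s+(.*)$')
# Path fragments a limited XP user can write to (profile, temp, application data).
USER_WRITABLE = ('\\documents and settings\\', '\\docume~1\\', '\\temp\\',
                 '\\local settings\\', '\\application data\\', '\\applic~1\\')

def image_path(value):
    """Executable path from a Run value: drop the [name], quotes and arguments."""
    value = re.sub(r'^\[[^\]]*\]\s*', '', value.strip())
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.match(r'(.+?\.(?:exe|dll|scr|cpl|com|bat|cmd))(?:\s|$)', value, re.I)
    return m.group(1) if m else value.split()[0]

def autostart_findings(kind, value):
    path = value.split(' - ', 1)[-1] if kind == 'StartupFolder' else image_path(value)
    low = path.lower()
    if '\\' not in low:
        yield path, 'unqualified image name, resolved through a PATH search at logon'
    elif any(frag in low for frag in USER_WRITABLE):
        yield path, 'autostart image in a user-writable profile/temp path'

def addon_findings(kind, value):
    if value.strip().endswith('No File'):
        yield value, f'{kind} registration whose DLL is missing (orphaned entry)'

def service_findings(name, path, system_drive='c:'):
    low = path.lower()
    if '[?]' in low or '-->' in low:
        yield name, 'service/driver binary could not be found on disk'
        return
    low = re.sub(r'\s*\[[^\]]*\]$', '', low)          # drop trailing "[date size]"
    low = low[4:] if low.startswith('\\??\\') else low  # NT object-manager prefix
    if any(frag in low for frag in USER_WRITABLE):
        yield name, 'service/driver runs from a user-writable profile path'
    if re.match(r'[a-z]:', low) and not low.startswith(system_drive):
        yield name, f'service/driver binary on non-system drive {low[:2]}'

def file_findings(attrs, path):
    # DDS attribute column, assumed meaning: s = system, h = hidden.
    if ('s' in attrs or 'h' in attrs) and '\\windows\\' in path.lower():
        yield path, f'hidden/system file under the Windows tree ({attrs})'

def process_findings(path):
    if any(frag in path.lower() for frag in USER_WRITABLE):
        yield path, 'running process image in a user-writable profile/temp path'

def triage(log_text):
    """Return (section, item, reason) triples for entries worth a closer look."""
    findings, section = [], ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section.startswith('Running Processes') and '\\' in line:
            findings += [(section, i, w) for i, w in process_findings(line)]
        elif (m := AUTOSTART_RE.match(line)):
            findings += [(section, i, w) for i, w in autostart_findings(*m.groups())]
        elif (m := ADDON_RE.match(line)):
            findings += [(section, i, w) for i, w in addon_findings(*m.groups())]
        elif (m := SERVICE_RE.match(line)):
            findings += [(section, i, w) for i, w in service_findings(*m.groups())]
        elif (m := FILE_RE.match(line)):
            findings += [(section, i, w) for i, w in file_findings(*m.groups())]
    return findings

if __name__ == '__main__':
    for section, item, why in triage(SAMPLE_LOG):
        print(f'[{section}] {item}\n    -> {why}')
```

Run it as-is to see the six hits from the sample, or read a saved DDS.txt into `triage()` instead of `SAMPLE_LOG`. The rules deliberately stay cheap and explainable; they shorten the reading list, they do not replace it, and anything in Running Processes that you did not start (the two IEXPLORE.EXE instances in the second log, for example) still needs to be traced on the live machine.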

Hello Scoobey! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to the "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please include these log(s) in this sequence:

  1. MalwareBytes' Anti-Malware log
  2. a new fresh DDS log and Attach.txt


Nice to meet you, Borislav, and thanks for the help!

MWB found no problems. Log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/6/2010 8:41:04 AM

mbam-log-2010-05-06 (08-41-04).txt

Scan type: Quick scan

Objects scanned: 178160

Time elapsed: 45 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by SB at 9:00:00.71 on Thu 05/06/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.631 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! antivirus 4.8.1368 [VPS 100506-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\TrojanHunter 5.3\THGuard.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\vmnat.exe

C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\SB\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\SB\Desktop\FIREFOX DOWNLOADS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/advanced_search?hl=en

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe"

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [TFncKy] TFncKy.exe

mRun: [TPSMain] TPSMain.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [WordPerfect Office 1215] c:\program files\wordperfect office 12\programs\Registration.exe /title="WordPerfect Office 12" /date=051910 serial=WS12WTX-9999998-UYR lang=EN

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [THGuard] "c:\program files\trojanhunter 5.3\THGuard.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\scottb~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\scottb~1\startm~1\programs\startup\seesmi~1.lnk - c:\program files\seesmic desktop\Seesmic Desktop.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Save with Download Manager... - file://c:\program files\j river\media center 11\DMDownload.htm

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll

LSP: c:\program files\vmware\vmware player\vsocklib.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243487986373

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://linksyssupport.webex.com/client/T26L10NSP49EP32-linksyssupport/support/ieatgpc.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scottb~1\applic~1\mozilla\firefox\profiles\m20ht13i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en

FF - component: c:\documents and settings\SB\application data\mozilla\firefox\profiles\m20ht13i.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\SB\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-27 114768]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-5 11608]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\winxp virtual cd drive\VCdRom.sys [2001-12-19 8576]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-5 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-5 267432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-27 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-27 138680]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-5 60936]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-3-17 220128]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-8-14 54960]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\SB\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-4-23 139264]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-27 254040]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-27 352920]

R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2009-5-28 12032]

R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2009-5-28 39552]

S2 gupdate1c9e0af5194ce18;Google Update Service (gupdate1c9e0af5194ce18);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]

S3 HPWPAUSB;Wireless Printer Adapter;c:\windows\system32\drivers\HPWPAUSB.sys [2009-5-28 18560]

S3 Media Center 14 Service;Media Center 14 Service;c:\program files\j river\media center 14\JRService.exe [2010-4-3 382464]

S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [2009-7-25 51200]

S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]

S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;\??\d:\scpndis5.sys --> d:\SCPNDIS5.SYS [?]

=============== Created Last 30 ================

2010-05-05 13:10:49 0 ----a-w- c:\documents and settings\SB\defogger_reenable

2010-05-05 12:51:37 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-05-05 12:51:36 0 d-----w- c:\program files\Avira

2010-05-05 12:51:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-05-04 21:49:35 0 d-----w- c:\program files\Trend Micro

2010-05-04 21:40:18 0 d-----w- C:\!KillBox

2010-05-04 18:07:46 0 d-----w- c:\program files\Citrix

2010-04-25 22:17:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-04-25 22:17:18 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-23 15:51:13 0 d-----w- c:\docume~1\scottb~1\applic~1\VMware Inc

2010-04-22 16:00:18 54156 ---ha-w- c:\windows\QTFont.qfn

2010-04-22 16:00:18 1409 ----a-w- c:\windows\QTFont.for

2010-04-22 13:51:35 0 d-----w- c:\program files\Macrium

2010-04-20 15:12:10 0 d-----w- c:\docume~1\scottb~1\applic~1\TrojanHunter

2010-04-19 20:24:47 0 d-----w- c:\docume~1\alluse~1\applic~1\TrojanHunter

2010-04-19 20:24:26 0 d-----w- c:\program files\TrojanHunter 5.3

2010-04-18 01:09:42 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-04-18 00:43:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-04-18 00:43:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-04-18 00:41:48 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2010-04-18 00:35:12 0 d-----w- c:\windows\ie8updates

2010-04-14 02:49:06 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-04-14 02:43:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-04-14 02:43:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-04-14 02:43:22 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-04-14 02:43:21 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-04-14 02:43:16 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

==================== Find3M ====================

2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-01 00:44:58 256 ----a-w- c:\documents and settings\SB\pool.bin

2010-03-30 18:51:55 372736 ------w- c:\windows\system32\MC14.exe

2010-03-17 16:51:48 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys

2010-03-17 16:51:40 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys

2010-03-15 06:02:37 26624 ----a-w- c:\windows\system32\winsocks.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-20 05:17:50 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

2009-06-25 22:28:06 56 --sh--r- c:\windows\system32\FDADBB125D.sys

============= FINISH: 9:00:23.78 ===============

Attach.txt rar'ed and attached.

Attach.rar


Step 1:

First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have two so you need to uninstall one of them. Of the two, I would recommend keeping Avira AntiVir , so please uninstall:

avast! Antivirus

Step 2:

Please, uninstall the following applications:

  1. Adobe Acrobat 9 Pro - English, Français, Deutsch
  2. Adobe Reader 7.0

You can read how to do this in:

Step 3:

I also see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 4:

Your database version is 4052, but the current is 4072, so please:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 5:

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

In your next reply, please include these log(s) in this sequence:

  1. MalwareBytes' Anti-Malware log
  2. GMER log
  3. a new fresh DDS log only


Viewpoint, Avast and Acrobat Reader uninstalled. If possible, I'd like to leave the Acrobat Pro on; I use it fairly regularly and have no idea where my install disc is (really messy office). Can we work around that?

Updated MBAM database (funny - I upgraded the program itself this morning, but it didn't update its database at the same time), and re-ran. Found nothing. Log copied below.

As my original post indicated, GMER won't run (starts, "encountered a problem," closes). Tried again; same thing.

DDS log attached. Thanks!

MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4072

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/6/2010 11:47:40 AM

mbam-log-2010-05-06 (11-47-40).txt

Scan type: Quick scan

Objects scanned: 179925

Time elapsed: 42 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS txt:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Scott Bellows at 11:51:44.45 on Thu 05/06/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.571 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\TrojanHunter 5.3\THGuard.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\vmnat.exe

C:\Documents and Settings\Scott Bellows\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Scott Bellows\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Scott Bellows\Desktop\FIREFOX DOWNLOADS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/advanced_search?hl=en

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe"

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [TFncKy] TFncKy.exe

mRun: [TPSMain] TPSMain.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [WordPerfect Office 1215] c:\program files\wordperfect office 12\programs\Registration.exe /title="WordPerfect Office 12" /date=051910 serial=WS12WTX-9999998-UYR lang=EN

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [THGuard] "c:\program files\trojanhunter 5.3\THGuard.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\scottb~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\scottb~1\startm~1\programs\startup\seesmi~1.lnk - c:\program files\seesmic desktop\Seesmic Desktop.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Save with Download Manager... - file://c:\program files\j river\media center 11\DMDownload.htm

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll

LSP: c:\program files\vmware\vmware player\vsocklib.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243487986373

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://linksyssupport.webex.com/client/T26L10NSP49EP32-linksyssupport/support/ieatgpc.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scottb~1\applic~1\mozilla\firefox\profiles\m20ht13i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en

FF - component: c:\documents and settings\scott bellows\application data\mozilla\firefox\profiles\m20ht13i.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\scott bellows\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-5 11608]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\winxp virtual cd drive\VCdRom.sys [2001-12-19 8576]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-5 60936]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-8-14 54960]

R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2009-5-28 12032]

R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2009-5-28 39552]

RUnknown aswFsBlk;aswFsBlk; [x]

RUnknown aswSP;aswSP; [x]

S3 HPWPAUSB;Wireless Printer Adapter;c:\windows\system32\drivers\HPWPAUSB.sys [2009-5-28 18560]

S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [2009-7-25 51200]

S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]

S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;\??\d:\scpndis5.sys --> d:\SCPNDIS5.SYS [?]

=============== Created Last 30 ================

2010-05-05 13:10:49 0 ----a-w- c:\documents and settings\SB\defogger_reenable

2010-05-05 12:51:37 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-05-05 12:51:36 0 d-----w- c:\program files\Avira

2010-05-05 12:51:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-05-04 21:49:35 0 d-----w- c:\program files\Trend Micro

2010-05-04 21:40:18 0 d-----w- C:\!KillBox

2010-05-04 18:07:46 0 d-----w- c:\program files\Citrix

2010-04-25 22:17:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-04-25 22:17:18 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-23 15:51:13 0 d-----w- c:\docume~1\scottb~1\applic~1\VMware Inc

2010-04-22 16:00:18 54156 ---ha-w- c:\windows\QTFont.qfn

2010-04-22 16:00:18 1409 ----a-w- c:\windows\QTFont.for

2010-04-22 13:51:35 0 d-----w- c:\program files\Macrium

2010-04-20 15:12:10 0 d-----w- c:\docume~1\scottb~1\applic~1\TrojanHunter

2010-04-19 20:24:47 0 d-----w- c:\docume~1\alluse~1\applic~1\TrojanHunter

2010-04-19 20:24:26 0 d-----w- c:\program files\TrojanHunter 5.3

2010-04-18 01:09:42 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-04-18 00:43:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-04-18 00:43:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-04-18 00:41:48 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2010-04-18 00:35:12 0 d-----w- c:\windows\ie8updates

2010-04-14 02:49:06 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-04-14 02:43:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-04-14 02:43:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-04-14 02:43:22 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-04-14 02:43:21 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-04-14 02:43:16 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

==================== Find3M ====================

2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-01 00:44:58 256 ----a-w- c:\documents and settings\SB\pool.bin

2010-03-30 18:51:55 372736 ------w- c:\windows\system32\MC14.exe

2010-03-17 16:51:48 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys

2010-03-17 16:51:40 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys

2010-03-15 06:02:37 26624 ----a-w- c:\windows\system32\winsocks.dll

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-20 05:17:50 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

2009-06-25 22:28:06 56 --sh--r- c:\windows\system32\FDADBB125D.sys

============= FINISH: 11:52:53.71 ===============


No problem!

Now:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF.gif]

    [Image: CF_download_rename.gif]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


I'll run those scans, but wanted to update: I'm suddenly having a LOT of audio interruptions, including new kinds (an ad for Slim Jims???). I ran HJT while the audio was playing and got the log posted below. If it happens again, do you want me to quickly run any of the other tools? Thanks.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:16:53 PM, on 5/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\TrojanHunter 5.3\THGuard.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\vmnat.exe

C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: in the first column followed by the corresponding host name.

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=051910 serial=WS12WTX-9999998-UYR lang=EN

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.3\THGuard.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: Seesmic Desktop.lnk = C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1243487986373

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client/T26...ort/ieatgpc.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Update Service (gupdate1c9e0af5194ce18) (gupdate1c9e0af5194ce18) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Media Center 14 Service - J. River, Inc. - C:\Program Files\J River\Media Center 14\JRService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Zimbra Desktop Service - Unknown owner - C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

--

End of file - 13729 bytes

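As an added example (it is not the poster's or the helper's code, and not part of HijackThis itself), the following Python script does the first pass a helper makes over a HijackThis log like the one above: it splits the log into the running-process list and the tagged entries, then flags the same executable running more than once (the unexplained iexplore.exe instances described in this thread), R0/R1 start or search pages on any host other than the expected default, O10 Winsock LSP modules (worth a look given that ComboFix later reported a patched ws2_32.dll), O9 entries whose target is `(no file)`, and O4/O23 autostarts launched from a user-profile path. The embedded sample log is constructed for the example and is not the log posted above; `updater.exe` and `example.invalid` are placeholder values chosen so that every check has something to report.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 log format, modelled on the entry types quoted
# in this thread. It is NOT the poster's log; updater.exe and example.invalid are
# placeholder values chosen so each check below has something to find.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\SB\Local Settings\Temp\updater.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O23 - Service: Zimbra Desktop Service - Unknown owner - C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe
"""

# Tagged entry lines look like "R0 - ...", "O4 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Per-user, user-writable locations on Windows XP. An autostart launched from here is
# not malicious by itself, but it is where a helper verifies the publisher first.
USER_WRITABLE = re.compile(r"\\(local settings|application data|temp)\\", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the tagged entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group("section"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(parsed, expected_home=("go.microsoft.com",)):
    """Return (kind, detail) findings a helper would look at before anything else."""
    findings = []
    # 1. Same executable running several times (the iexplore.exe symptom in this thread).
    counts = Counter(p.lower() for p in parsed["processes"])
    for path, n in counts.items():
        if n > 1:
            findings.append(("multi-instance process", f"{path} x{n}"))
    seen_lsp = set()
    for section, body in parsed["entries"]:
        if section in ("R0", "R1"):
            # 2. IE start/search page pointing somewhere other than the expected default host.
            url = body.split(" = ", 1)[-1]
            host = re.sub(r"^https?://", "", url).split("/", 1)[0]
            if host not in expected_home:
                findings.append(("IE start/search page changed", body))
        elif section == "O10":
            # 3. Winsock LSP modules, reported once even when HJT lists them twice.
            if body not in seen_lsp:
                seen_lsp.add(body)
                findings.append(("Winsock LSP module", body))
        elif section in ("O4", "O23"):
            # 4. Run keys and services launched from a user-writable profile path.
            if USER_WRITABLE.search(body):
                findings.append(("autostart from user profile path", body))
        if body.endswith("(no file)"):
            # 5. Registry entry whose target no longer exists (leftover or removed component).
            findings.append(("orphaned entry", f"{section} - {body}"))
    return findings


def finding_kinds(text):
    """Convenience wrapper: the kinds of findings for a whole log, in log order."""
    return [kind for kind, _ in triage(parse_hjt(text))]


if __name__ == "__main__":
    for kind, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{kind}] {detail}")
```

The checks are deliberately conservative: every finding is something to verify (publisher, file on disk, whether the user installed it), not a verdict. On the sample the R1 default page passes because its host is the expected one, while the R0 placeholder is flagged; the duplicated O10 line is collapsed to one finding so a helper is not counting the same module twice.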

ComboFix is funky -- it asked to install a Microsoft program before it would run, and changed some setting (default browser etc.), but it apparently did find something that none of the other AV did, so fingers crossed! Here's the CF log; I'll run HJT next and post that when it's done, in about 45 minutes:

ComboFix 10-05-05.0D - SB 05/06/2010 12:31:33.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1417 [GMT -7:00]

Running from: c:\documents and settings\SB\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-2340103986-951937984-3967435536-500

c:\windows\system32\WinSocks.dll

G:\Autorun.inf

Infected copy of c:\windows\system32\ws2_32.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\ws2_32.dll

.

((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))

.

2010-05-05 12:51 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-05-05 12:51 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-05-05 12:51 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-05-05 12:51 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-05-05 12:51 . 2010-05-05 12:51 -------- d-----w- c:\program files\Avira

2010-05-05 12:51 . 2010-05-05 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-05-04 21:49 . 2010-05-04 21:49 -------- d-----w- c:\program files\Trend Micro

2010-05-04 21:40 . 2010-05-04 21:40 -------- d-----w- C:\!KillBox

2010-05-04 18:07 . 2010-05-04 18:07 -------- d-----w- c:\program files\Citrix

2010-04-25 23:08 . 2010-04-25 23:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\J River

2010-04-25 22:17 . 2010-04-25 22:16 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-23 15:51 . 2010-04-23 15:51 -------- d-----w- c:\documents and settings\SB\Application Data\VMware Inc

2010-04-23 15:31 . 2010-04-23 15:31 -------- d-----w- c:\documents and settings\SB\Local Settings\Application Data\Zimbra

2010-04-22 13:51 . 2010-04-22 13:51 -------- d-----w- c:\program files\Macrium

2010-04-20 15:12 . 2010-04-20 15:12 -------- d-----w- c:\documents and settings\SB\Application Data\TrojanHunter

2010-04-19 20:24 . 2010-04-19 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TrojanHunter

2010-04-19 20:24 . 2010-04-25 23:17 -------- d-----w- c:\program files\TrojanHunter 5.3

2010-04-18 01:09 . 2010-04-18 01:09 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-04-18 00:41 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2010-04-18 00:35 . 2010-04-25 21:17 -------- d-----w- c:\windows\ie8updates

2010-04-14 08:04 . 2010-04-14 08:04 -------- d-sh--w- c:\documents and settings\NetworkService\UserData

2010-04-14 02:49 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-04-14 02:43 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-04-14 02:43 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-04-14 02:43 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-04-14 02:43 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-04-14 02:43 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-06 19:44 . 2009-09-16 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware

2010-05-06 19:44 . 2009-09-18 22:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware

2010-05-06 19:44 . 2009-06-08 23:42 -------- d-----w- c:\program files\DNA

2010-05-06 19:44 . 2009-06-08 23:42 -------- d-----w- c:\documents and settings\SB\Application Data\DNA

2010-05-06 19:13 . 2009-06-08 23:43 -------- d-----w- c:\documents and settings\SB\Application Data\BitTorrent

2010-05-06 18:01 . 2006-01-19 21:50 -------- d-----w- c:\program files\Common Files\Adobe

2010-05-06 14:55 . 2009-08-12 16:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-29 22:39 . 2009-08-12 16:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 22:39 . 2009-08-12 16:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-25 22:16 . 2006-01-19 22:20 -------- d-----w- c:\program files\Java

2010-04-25 21:26 . 2009-06-11 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-23 22:19 . 2009-06-15 21:27 -------- d-----w- c:\program files\eMule

2010-04-23 15:51 . 2009-09-16 19:59 -------- d-----w- c:\documents and settings\SB\Application Data\VMware

2010-04-20 05:34 . 2009-05-28 05:30 -------- d-----w- c:\program files\Downloaded Programs Actually Installed on Toshiba

2010-04-18 00:55 . 2006-01-19 22:53 -------- d-----w- c:\program files\Microsoft Works

2010-04-18 00:43 . 2010-04-18 00:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2010-04-18 00:43 . 2010-04-18 00:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2010-04-13 15:39 . 2006-01-19 23:17 -------- d-----w- c:\program files\Google

2010-04-13 13:51 . 2009-09-29 17:56 -------- d-----w- c:\documents and settings\SB\Application Data\Skype

2010-04-13 07:02 . 2009-09-29 17:57 -------- d-----w- c:\documents and settings\SB\Application Data\skypePM

2010-04-06 14:49 . 2009-05-29 21:18 88488 ----a-w- c:\documents and settings\SB\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-05 19:00 . 2010-04-05 19:00 -------- d-----w- c:\program files\R-Mail for Outlook

2010-04-05 19:00 . 2010-04-05 19:00 -------- d-----w- c:\documents and settings\SB\Application Data\R-Mail for Outlook

2010-04-03 16:13 . 2010-04-03 16:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\J River

2010-04-03 16:05 . 2010-04-03 16:05 -------- d-----w- c:\program files\J River

2010-04-03 04:49 . 2009-06-11 14:40 -------- d-----w- c:\documents and settings\SB\Application Data\J River

2010-04-03 00:57 . 2010-04-03 00:01 -------- d-----w- c:\program files\AOR

2010-04-01 02:29 . 2009-11-19 19:42 -------- d-----w- c:\documents and settings\SB\Application Data\NCH Software

2010-04-01 02:28 . 2009-11-19 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

2010-04-01 02:24 . 2009-11-20 21:17 256 ----a-w- c:\windows\system32\pool.bin

2010-04-01 02:04 . 2010-04-01 02:04 -------- d-----w- c:\documents and settings\SB\Application Data\Research In Motion

2010-04-01 02:03 . 2010-04-01 02:02 -------- d-----w- c:\program files\Common Files\Research In Motion

2010-04-01 02:03 . 2010-04-01 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion

2010-04-01 01:39 . 2006-01-19 22:19 -------- d-----w- c:\program files\Common Files\Java

2010-04-01 01:26 . 2010-03-31 23:39 -------- d-----w- c:\program files\Common Files\Roxio Shared

2010-04-01 01:26 . 2010-03-31 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio

2010-04-01 01:14 . 2009-11-14 18:39 -------- d-----w- c:\program files\Research In Motion

2010-04-01 00:44 . 2009-11-14 19:02 256 ----a-w- c:\documents and settings\SB\pool.bin

2010-03-31 23:48 . 2010-03-31 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic

2010-03-30 18:51 . 2010-04-03 16:06 372736 ------w- c:\windows\system32\MC14.exe

2010-03-27 20:39 . 2010-03-27 20:39 -------- d-----w- c:\documents and settings\SB\Application Data\InstallShield

2010-03-27 20:39 . 2010-03-27 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2010-03-21 20:49 . 2010-03-21 20:49 -------- d-----w- c:\program files\Microsoft Silverlight

2010-03-17 16:51 . 2010-03-17 16:51 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys

2010-03-17 16:51 . 2010-03-17 16:51 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys

2010-03-10 06:15 . 2006-01-19 18:54 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2006-01-19 18:54 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2006-01-19 18:53 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-20 05:17 . 2009-05-28 18:09 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-16 14:08 . 2006-01-19 18:53 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:33 . 2006-01-19 18:53 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2006-01-19 18:54 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2009-06-25 22:28 . 2009-05-28 18:09 56 --sh--r- c:\windows\system32\FDADBB125D.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-09 323392]

"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-03-01 654648]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 39408]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"TFncKy"="TFncKy.exe" [bU]

"TPSMain"="TPSMain.exe" [2005-06-01 282624]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"WordPerfect Office 1215"="c:\program files\WordPerfect Office 12\Programs\Registration.exe" [2004-03-08 733184]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2009-08-15 64048]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe" [2010-03-20 1070240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\SB\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

Seesmic Desktop.lnk - c:\program files\Seesmic Desktop\Seesmic Desktop.exe [2010-1-18 95232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-19 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk

backup=c:\windows\pss\Microsoft Office Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office Find Fast Indexer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk

backup=c:\windows\pss\Microsoft Office Find Fast Indexer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-06-12 05:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 13:01 133104 ----atw- c:\documents and settings\SB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-01-19 22:00 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\TOPO! Explorer\\te.exe"=

"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"427:UDP"= 427:UDP:HP printer.print server port

"161:UDP"= 161:UDP:HP printer.print server port

"139:UDP"= 139:UDP:HP printer.print server port

"9220:TCP"= 9220:TCP:HP printer.print server port

"9500:TCP"= 9500:TCP:HP printer.print server port

"9290:TCP"= 9290:TCP:HP printer.print server port

"61964:TCP"= 61964:TCP:eMule TCP incoming

"62211:UDP"= 62211:UDP:eMule UDP outgoing

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [3/17/2010 9:51 AM 15328]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\WinXP virtual CD drive\VCdRom.sys [12/19/2001 11:45 AM 8576]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/5/2010 5:51 AM 135336]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [3/17/2010 9:51 AM 220128]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [8/14/2009 8:13 PM 54960]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe [4/23/2010 8:31 AM 139264]

R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [5/28/2009 7:29 PM 12032]

R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [5/28/2009 7:29 PM 39552]

S2 gupdate1c9e0af5194ce18;Google Update Service (gupdate1c9e0af5194ce18);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 3:46 PM 133104]

S3 HPWPAUSB;Wireless Printer Adapter;c:\windows\system32\drivers\HPWPAUSB.sys [5/28/2009 7:25 PM 18560]

S3 Media Center 14 Service;Media Center 14 Service;c:\program files\J River\Media Center 14\JRService.exe [4/3/2010 9:06 AM 382464]

S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [7/25/2009 3:35 PM 51200]

S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]

S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;\??\d:\scpndis5.sys --> d:\SCPNDIS5.SYS [?]

.

Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 17:58]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 22:46]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 22:46]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1046265747-2112637631-1207020124-1005Core.job

- c:\documents and settings\SB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-03 13:01]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1046265747-2112637631-1207020124-1005UA.job

- c:\documents and settings\SB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-03 13:01]

2010-05-06 c:\windows\Tasks\Macrium Bku Full C Drive xml.job

- c:\program files\Macrium\Reflect\reflect.exe [2010-03-17 16:45]

2010-05-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1046265747-2112637631-1207020124-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-10 02:38]

2010-05-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1046265747-2112637631-1207020124-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-10 02:38]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/advanced_search?hl=en

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Save with Download Manager... - file://c:\program files\J River\Media Center 11\DMDownload.htm

LSP: c:\program files\VMware\VMware Player\vsocklib.dll

FF - ProfilePath - c:\documents and settings\SB\Application Data\Mozilla\Firefox\Profiles\m20ht13i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en

FF - component: c:\documents and settings\SB\Application Data\Mozilla\Firefox\Profiles\m20ht13i.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll

FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\SB\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CopernicMobile - c:\program files\Copernic Mobile\CopernicMobile.exe

MSConfigStartUp-ctlnvmcd9 - c:\documents and settings\SB\Local Settings\Application Data\ctlnvmcd9\ctlnvmcd9.dll

MSConfigStartUp-eMuleAutoStart - c:\program files\eMule\emule.exe

MSConfigStartUp-McafWelcome - c:\progra~1\mcafee.com\agent\mcwelcom.exe

MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe

MSConfigStartUp-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe

MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe

MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe

MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe

MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

AddRemove-BitTorrent - f:\bittorrent\BitTorrent.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-06 12:46

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"Licence0"="04F0D21-79D8-7A25-D702-433F"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4888)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\windows\system32\DVDRAMSV.exe

c:\program files\FolderSize\FolderSizeSvc.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\toshiba\IVP\swupdate\swupdtmr.exe

c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\vmnat.exe

c:\program files\Synaptics\SynTP\Toshiba.exe

c:\windows\system32\TPSBattM.exe

c:\program files\VMware\VMware Player\vmware-authd.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\vmnetdhcp.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-05-06 12:55:44 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-06 19:55

Pre-Run: 4,027,559,936 bytes free

Post-Run: 7,141,871,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 697B4B4681AA1507E5BB6C67A91FEA5B

Forgot that HJT is faster than MBAM! Here's that log file:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:05:04 PM, on 5/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\vmnetdhcp.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=051910 serial=WS12WTX-9999998-UYR lang=EN

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.3\THGuard.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: Seesmic Desktop.lnk = C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1243487986373

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client/T26...ort/ieatgpc.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Update Service (gupdate1c9e0af5194ce18) (gupdate1c9e0af5194ce18) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Media Center 14 Service - J. River, Inc. - C:\Program Files\J River\Media Center 14\JRService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Zimbra Desktop Service - Unknown owner - C:\Documents and Settings\SB\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

--

End of file - 13417 bytes

No audio popups in the last few minutes -- fingers crossed! Since this problem has often skipped a couple days before returning, let's leave the topic open for the day and I'll post a final report, but I'm optimistic!

A couple questions: 1. Why does IE show up in my HJT logs under R0 and R1? Is that a registry entry or ? All Windows boxes have that?

2. If I have future probs, should I just run Combo-Fix before posting logs, or ??

3. Most importantly: what the hell was it that I had?

No, actually, MOST importantly is: THANK YOU!

Scoobey

No audio popups in the last few minutes -- fingers crossed! Since this problem has often skipped a couple days before returning, let's leave the topic open for the day and I'll post a final report, but I'm optimistic!

According to statistics, optimists live 20 years longer than pessimists. I wish that for you! I also think the problem is solved.

1. Why does IE show up in my HJT logs under R0 and R1? Is that a registry entry or ? All Windows boxes have that?

The answer is here:

http://www.bleepingcomputer.com/tutorials/...al42.html#RDiag

2. If I have future probs, should I just run Combo-Fix before posting logs, or ??

No, ComboFix is a powerful tool, don't play with it. For future problems:

http://forums.malwarebytes.org/index.php?showtopic=9573

3. Most importantly: what the hell was it that I had?

I'm not sure, but your system file was patched.

No, actually, MOST importantly is: THANK YOU!

You're welcome! :angry:

Means that the file was changed, but not for good.

Well, all I can say is, strange. All the AV I ran (including MWB and Trojan Hunter) couldn't catch it. If you Google "congratulations you won," there are a lot of people pulling their hair out over this one. I'm glad I found this forum, that such good software exists, and that people like you are willing to help anonymous strangers like me!

Have a great <s>day</s> forever, Maniac!

Good morning! Haven't heard the "congratulations!" audio since our last communication, but Avira just found the TR/Crypt.FKM.Gen Trojan in my audiosrv.dll. Avira log:

Avira AntiVir Personal

Report file date: Friday, May 07, 2010 08:38

Scanning for 2077639 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : SBTOSHIBA

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 12:54:41

VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 12:54:41

VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 12:54:41

VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 12:54:41

VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 12:54:42

VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 12:54:42

VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 12:54:42

VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 12:54:42

VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 12:54:42

VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 12:54:44

VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 12:54:46

VBASE016.VDF : 7.10.6.178 122880 Bytes 4/22/2010 12:54:48

VBASE017.VDF : 7.10.6.206 120320 Bytes 4/26/2010 12:54:51

VBASE018.VDF : 7.10.6.232 99328 Bytes 4/28/2010 12:54:52

VBASE019.VDF : 7.10.7.2 155648 Bytes 4/30/2010 12:54:54

VBASE020.VDF : 7.10.7.26 119808 Bytes 5/4/2010 12:54:56

VBASE021.VDF : 7.10.7.51 118272 Bytes 5/6/2010 13:54:18

VBASE022.VDF : 7.10.7.52 2048 Bytes 5/6/2010 13:54:18

VBASE023.VDF : 7.10.7.53 2048 Bytes 5/6/2010 13:54:18

VBASE024.VDF : 7.10.7.54 2048 Bytes 5/6/2010 13:54:18

VBASE025.VDF : 7.10.7.55 2048 Bytes 5/6/2010 13:54:19

VBASE026.VDF : 7.10.7.56 2048 Bytes 5/6/2010 13:54:19

VBASE027.VDF : 7.10.7.57 2048 Bytes 5/6/2010 13:54:19

VBASE028.VDF : 7.10.7.58 2048 Bytes 5/6/2010 13:54:19

VBASE029.VDF : 7.10.7.59 2048 Bytes 5/6/2010 13:54:19

VBASE030.VDF : 7.10.7.60 2048 Bytes 5/6/2010 13:54:20

VBASE031.VDF : 7.10.7.61 19968 Bytes 5/6/2010 13:54:20

Engineversion : 8.2.1.236

AEVDF.DLL : 8.1.2.0 106868 Bytes 5/5/2010 12:55:36

AESCRIPT.DLL : 8.1.3.28 1298810 Bytes 5/5/2010 12:55:35

AESCN.DLL : 8.1.5.0 127347 Bytes 2/26/2010 02:38:41

AESBX.DLL : 8.1.3.1 254324 Bytes 5/5/2010 12:55:37

AERDL.DLL : 8.1.4.6 541043 Bytes 5/5/2010 12:55:30

AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 20:34:51

AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 19:09:46

AEHEUR.DLL : 8.1.1.27 2670967 Bytes 5/5/2010 12:55:27

AEHELP.DLL : 8.1.11.3 242039 Bytes 4/2/2010 00:05:25

AEGEN.DLL : 8.1.3.7 373106 Bytes 5/5/2010 12:55:09

AEEMU.DLL : 8.1.2.0 393588 Bytes 5/5/2010 12:55:06

AECORE.DLL : 8.1.15.1 192886 Bytes 5/5/2010 12:55:04

AEBB.DLL : 8.1.1.0 53618 Bytes 5/5/2010 12:55:03

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

Configuration settings for the scan:

Jobname.............................: avguard_async_scan

Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4c1f541c\guard_slideup.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: quarantine

Scan master boot sector.............: on

Scan boot sector....................: off

Process scan........................: on

Scan registry.......................: off

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: high

Start of the scan: Friday, May 07, 2010 08:38

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'msdtc.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned

Scan process 'soffice.bin' - '1' Module(s) have been scanned

Scan process 'soffice.exe' - '1' Module(s) have been scanned

Scan process 'Seesmic Desktop.exe' - '1' Module(s) have been scanned

Scan process 'zdesktop.exe' - '1' Module(s) have been scanned

Scan process 'RAMASST.exe' - '1' Module(s) have been scanned

Scan process 'vmnat.exe' - '1' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned

Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned

Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned

Scan process 'bittorrent.exe' - '1' Module(s) have been scanned

Scan process 'btdna.exe' - '1' Module(s) have been scanned

Scan process 'toscdspd.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'THGuard.exe' - '1' Module(s) have been scanned

Scan process 'RIMAutoUpdate.exe' - '1' Module(s) have been scanned

Scan process 'ReflectService.exe' - '1' Module(s) have been scanned

Scan process 'hqtray.exe' - '1' Module(s) have been scanned

Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned

Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned

Scan process 'ifrmewrk.exe' - '1' Module(s) have been scanned

Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned

Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned

Scan process 'pinger.exe' - '1' Module(s) have been scanned

Scan process 'SmoothView.exe' - '1' Module(s) have been scanned

Scan process 'Toshiba.exe' - '1' Module(s) have been scanned

Scan process 'TFncKy.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'TvsTray.exe' - '1' Module(s) have been scanned

Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned

Scan process 'thotkey.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned

Scan process 'FolderSizeSvc.exe' - '1' Module(s) have been scanned

Scan process 'avshadow.exe' - '1' Module(s) have been scanned

Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\WINDOWS\system32\audiosrv.dll'

C:\WINDOWS\system32\audiosrv.dll

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

Beginning disinfection:

C:\WINDOWS\system32\audiosrv.dll

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '569bb429.qua'.

End of the scan: Friday, May 07, 2010 08:39

Used time: 00:04 Minute(s)

The scan has been done completely.

0 Scanned directories

71 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

70 Files not concerned

0 Archives were scanned

0 Warnings

0 Notes

The scan results will be transferred to the Guard.

Thanks!


Hi, Maniac. Didn't hear the audio popup during the short time I was on the computer (I'm away now), but I'm still concerned -- this looks like an audio-related infection, and if we cleaned the computer yesterday, where did it come from? Either it's an artifact of the old infection that AV didn't notice yesterday, or there's still some hidden malware that created it. Is that concern valid?

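The Avira detection in the log above lands on audiosrv.dll, the Windows Audio service DLL, and the follow-up question is whether that means a system file was replaced or the scanner tripped on a clean one. On Windows XP, Windows File Protection normally keeps a reference copy of protected system files in system32\dllcache, so a first cut at that question is to hash the live DLL against the cached copy. The script below is an added example for this thread, not code from the original posts, from Avira or from Malwarebytes; it assumes a default XP layout (%SystemRoot%\system32 and its dllcache subfolder), and the scenarios in self_check() are built from constructed temporary files, not from anything in the log.

```python
"""Compare a live system DLL against its Windows File Protection cache copy.

Added example for this thread; not part of the original post or of any AV tool.
Paths assume a default Windows XP install (%SystemRoot%\\system32 and
%SystemRoot%\\system32\\dllcache). self_check() uses temporary files so it runs
anywhere, including on a non-Windows box.
"""
import hashlib
import os
import tempfile

SYSTEM_ROOT = os.environ.get("SystemRoot", r"C:\WINDOWS")   # assumption: XP default
SYSTEM32 = os.path.join(SYSTEM_ROOT, "system32")
DLLCACHE = os.path.join(SYSTEM32, "dllcache")               # WFP reference copies live here


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file so a large DLL is not read into memory in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def compare_with_reference(live_path, reference_path):
    """Return (verdict, live_hash, reference_hash).

    verdict is one of:
      'missing'      - live file is gone (e.g. already moved to quarantine by the AV)
      'no-reference' - nothing in the cache to compare against
      'match'        - byte-identical to the cached copy
      'mismatch'     - contents differ: patched in place, or a version mismatch;
                       either way, do not trust the live copy without further checks
    """
    if not os.path.isfile(live_path):
        return "missing", None, None
    live_hash = sha256_file(live_path)
    if not os.path.isfile(reference_path):
        return "no-reference", live_hash, None
    reference_hash = sha256_file(reference_path)
    verdict = "match" if live_hash == reference_hash else "mismatch"
    return verdict, live_hash, reference_hash


def check_system_dll(name):
    """Check one protected DLL by name, e.g. check_system_dll('audiosrv.dll')."""
    return compare_with_reference(os.path.join(SYSTEM32, name),
                                  os.path.join(DLLCACHE, name))


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def self_check():
    """Constructed scenarios in a temp directory; returns {file name: verdict}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        cache = os.path.join(tmp, "dllcache")
        os.mkdir(cache)
        # Constructed stand-ins for a DLL body; not real PE files.
        good = b"MZ" + b"\x00" * 62 + b"legit audio service code"
        patched = good[:-4] + b"c0de"          # same length, a few bytes changed

        _write(os.path.join(tmp, "same.dll"), good)       # live == cache
        _write(os.path.join(cache, "same.dll"), good)
        _write(os.path.join(tmp, "patched.dll"), patched) # live differs from cache
        _write(os.path.join(cache, "patched.dll"), good)
        _write(os.path.join(cache, "gone.dll"), good)     # live file already quarantined
        _write(os.path.join(tmp, "orphan.dll"), good)     # no cached reference at all

        for name in ("same.dll", "patched.dll", "gone.dll", "orphan.dll"):
            verdict, _, _ = compare_with_reference(os.path.join(tmp, name),
                                                   os.path.join(cache, name))
            results[name] = verdict
    return results


if __name__ == "__main__":
    print(self_check())
    # On the machine from the log the DLL is already in quarantine, so this
    # reports 'missing' until the file is restored or replaced from a clean source.
    print(check_system_dll("audiosrv.dll"))
```

Run it before the scanner quarantines the file, or restore the file first; against the machine in this log it reports 'missing' because Avira already moved audiosrv.dll. A match only shows that the two copies agree, not that either is genuine: anything able to patch a DLL in system32 can patch the dllcache copy as well, so a mismatch, or a match you still doubt, should be followed up by comparing the file's hash with a known-good copy from installation media or a clean machine of the same service pack level.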
