
Google Redirect - Cannot Remove Trojan.Tracur



Hi,

I am running Windows XP on a 5-year-old computer. My laptop recently became infected with a Trojan.Tracur virus that I cannot remove no matter how many anti-spyware/virus scan programs I run. Every time I run Malwarebytes the Trojan has returned.

Please find my Malwarebytes and DDS logs below. My GMER log is attached. Thank you.

****************************************

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7268

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

7/24/2011 8:40:30 PM

mbam-log-2011-07-24 (20-40-30).txt

Scan type: Quick scan

Objects scanned: 153861

Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

c:\WINDOWS\system32\avtapi32.exe (Trojan.Tracur) -> 3600 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MESSENGER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\avtapi32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

****************************************************

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

Run by C Level at 20:40:43 on 2011-07-24

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.922 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nlsdl32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Dictionary.com: {11359f4a-b191-42d7-905a-594f8cf0387b} - c:\windows\downloaded program files\lexbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: WikiSearch: {44e7ef6c-6f5c-4aaf-a080-7725a27878ed} - c:\progra~1\wikise~1\WIKIPE~1.DLL

TB: Dictionary.com: {11359f4a-b191-42d7-905a-594f8cf0387b} - c:\windows\downloaded program files\lexbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Find on Wikipedia... - c:\progra~1\wikise~1\cm.html

IE: Search &Dictionary - c:\program files\lexico\toolbar\dictionary.htm

IE: Search &Thesaurus - c:\program files\lexico\toolbar\thesaurus.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.17/uploader2.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/24.11/uploader2.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150982717197

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553530800} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - hxxp://dictionary.reference.com/tools/toolbar/lexico.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F640BDAB-ABC9-4E97-96BD-7517A1C2BFE0} : DhcpNameServer = 192.168.1.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\c level\application data\mozilla\firefox\profiles\dqpzpm5z.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

FF - prefs.js: network.proxy.ftp - 64.66.192.61

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - 64.66.192.61

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61152

FF - prefs.js: network.proxy.socks - 64.66.192.61

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 64.66.192.61

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

.

============= SERVICES / DRIVERS ===============

.

R0 18109242;18109242;c:\windows\system32\drivers\18109242.sys [2011-7-10 133208]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Messenger32;Messenger ;c:\windows\system32\nlsdl32.exe [2011-7-24 571904]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys --> c:\windows\system32\drivers\gttap1.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-4 7680]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-25 41272]

S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2006-8-3 161792]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-10-4 110592]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2009-10-4 105344]

.

=============== Created Last 30 ================

.

2011-07-25 00:40:35 54016 -c--a-w- c:\windows\system32\drivers\qeprsnwd.sys

2011-07-24 23:48:24 571904 -c--a-w- c:\windows\system32\nlsdl32.exe

2011-07-24 01:37:04 -------- dc----w- c:\program files\SpywareBlaster

2011-07-23 20:36:22 -------- dc----w- c:\program files\AVAST Software

2011-07-23 20:36:22 -------- dc----w- c:\documents and settings\all users\application data\AVAST Software

2011-07-19 02:12:42 98816 -c--a-w- c:\windows\sed.exe

2011-07-19 02:12:42 518144 -c--a-w- c:\windows\SWREG.exe

2011-07-19 02:12:42 256000 -c--a-w- c:\windows\PEV.exe

2011-07-19 02:12:42 208896 -c--a-w- c:\windows\MBR.exe

2011-07-19 02:11:40 -------- dc----w- C:\ComboFix14055C

2011-07-19 02:06:14 -------- dc----w- C:\ComboFix117583C

2011-07-19 02:01:52 -------- dc----w- C:\ComboFix130564C

2011-07-16 22:00:21 0 -c-ha-w- c:\documents and settings\c level\iapcyurvze.tmp

2011-07-11 03:31:43 -------- dc----w- C:\ComboFix11498C

2011-07-11 03:00:19 133208 -c--a-w- c:\windows\system32\drivers\18109242.sys

2011-07-11 02:37:21 -------- dc----w- C:\MGtools

2011-07-10 20:01:32 -------- dc----w- C:\ComboFix18274C

2011-07-10 19:50:20 -------- dc----w- C:\ComboFix1

2011-07-10 18:35:41 -------- dc----w- c:\program files\PageRage

2011-06-25 01:24:37 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-25 01:19:58 2106216 -c--a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-25 01:19:57 1998168 -c--a-w- c:\program files\mozilla firefox\d3dx9_43.dll

.

==================== Find3M ====================

.

2011-07-10 18:36:15 0 -c--a-w- c:\windows\Rnehowubucudi.bin

2011-07-06 23:52:42 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 20:42:20.25 ===============

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thanks for the help. I ran Malwarebytes again a few days ago. I will post the most recent log and the previous log as some of the threats appear to have been removed.

*************************************************************************************************

Most Recent Malwarebytes scan - 29 July 2011

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7323

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

7/29/2011 9:08:05 PM

mbam-log-2011-07-29 (21-07-59).txt

Scan type: Quick scan

Objects scanned: 155074

Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

c:\WINDOWS\system32\avtapi32.exe (Trojan.Tracur) -> 460 -> No action taken.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\avtapi32.exe (Trojan.Tracur) -> No action taken.

*************************************************************************************************

Previous Malwarebytes scan - 27 July 2011

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7304

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

7/27/2011 8:51:05 PM

mbam-log-2011-07-27 (20-50-59).txt

Scan type: Quick scan

Objects scanned: 154554

Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

c:\WINDOWS\system32\avtapi32.exe (Trojan.Tracur) -> 1544 -> No action taken.

Memory Modules Infected:

c:\WINDOWS\system32\avtapi32.dll (Trojan.Tracur) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{0FE386CE-17FB-4AA6-BE32-3DD59F7B0A0b} (Trojan.Tracur) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FE386CE-17FB-4AA6-BE32-3DD59F7B0A0B} (Trojan.Tracur) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FE386CE-17FB-4AA6-BE32-3DD59F7B0A0B} (Trojan.Tracur) -> No action taken.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MESSENGER32 (Trojan.Tracur) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\C Level\local settings\temp\tmph8284681445473752384.tmp (Adware.Agent) -> No action taken.

c:\WINDOWS\system32\avtapi32.dll (Trojan.Tracur) -> No action taken.

c:\WINDOWS\system32\avtapi32.exe (Trojan.Tracur) -> No action taken.

*************************************************************************************************

ComboFix

ComboFix 11-07-29.03 - C Level 07/29/2011 21:14:50.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.976 [GMT -4:00]

Running from: c:\documents and settings\C Level\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{3da0ccce-88be-413d-8bbb-19294ce9452e}

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{3da0ccce-88be-413d-8bbb-19294ce9452e}\chrome.manifest

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{3da0ccce-88be-413d-8bbb-19294ce9452e}\chrome\xulcache.jar

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{3da0ccce-88be-413d-8bbb-19294ce9452e}\defaults\preferences\xulcache.js

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{3da0ccce-88be-413d-8bbb-19294ce9452e}\install.rdf

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{8505f011-098a-45be-9988-60519b0e33fa}

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{8505f011-098a-45be-9988-60519b0e33fa}\chrome\xulcache.jar

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{8505f011-098a-45be-9988-60519b0e33fa}\defaults\preferences\xulcache.js

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{8505f011-098a-45be-9988-60519b0e33fa}\install.rdf

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{ad5ccd03-6b5c-44ef-8099-77c467eb419e}

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{ad5ccd03-6b5c-44ef-8099-77c467eb419e}\chrome.manifest

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{ad5ccd03-6b5c-44ef-8099-77c467eb419e}\chrome\xulcache.jar

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{ad5ccd03-6b5c-44ef-8099-77c467eb419e}\defaults\preferences\xulcache.js

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{ad5ccd03-6b5c-44ef-8099-77c467eb419e}\install.rdf

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{f6042913-a2de-401d-8220-18a682112650}

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{f6042913-a2de-401d-8220-18a682112650}\chrome\xulcache.jar

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{f6042913-a2de-401d-8220-18a682112650}\defaults\preferences\xulcache.js

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{f6042913-a2de-401d-8220-18a682112650}\install.rdf

c:\documents and settings\C Level\iapcyurvze.tmp

c:\documents and settings\C Level\My Documents\~WRL0001.tmp

c:\documents and settings\C Level\My Documents\~WRL0003.tmp

c:\documents and settings\C Level\My Documents\~WRL0005.tmp

c:\documents and settings\C Level\My Documents\~WRL0695.tmp

c:\documents and settings\C Level\My Documents\~WRL1721.tmp

c:\documents and settings\C Level\My Documents\~WRL2392.tmp

.

c:\windows\regedit.exe . . . is infected!!

.

c:\windows\system32\expand.exe . . . is infected!!

.

c:\windows\system32\netsetup.exe . . . is infected!!

.

c:\windows\system32\netsh.exe . . . is infected!!

.

c:\windows\system32\netstat.exe . . . is infected!!

.

c:\windows\system32\ntsd.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))

.

.

2011-07-30 01:08 . 2011-07-30 01:08 54016 -c--a-w- c:\windows\system32\drivers\vmefhbhf.sys

2011-07-24 23:48 . 2011-07-24 23:48 571904 -c--a-w- c:\windows\system32\nlsdl32.exe

2011-07-24 01:37 . 2011-07-24 01:38 -------- dc----w- c:\program files\SpywareBlaster

2011-07-23 20:36 . 2011-07-24 01:22 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-07-23 20:36 . 2011-07-23 20:36 -------- dc----w- c:\program files\AVAST Software

2011-07-11 03:00 . 2011-07-11 09:11 133208 -c--a-w- c:\windows\system32\drivers\18109242.sys

2011-07-11 02:37 . 2011-07-23 17:32 -------- dc----w- C:\MGtools

2011-07-10 18:35 . 2011-07-23 20:08 -------- dc----w- c:\program files\PageRage

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-23 17:32 . 2011-07-11 02:37 200453 -c--a-w- C:\MGlogs.zip

2011-07-06 23:52 . 2010-07-25 23:21 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-07-25 23:21 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 01:24 . 2011-06-25 01:24 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-25 01:19 . 2011-05-08 16:11 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regedit.exe

[-] 2006-08-04 . FEB2251A0A5E4ABB83FA0D2012C7754B . 146432 . . [5.1.2600.2180] . . c:\windows\regedit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [bU]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2006-10-04 53760]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UvA - Informatiseringscentrum CISCO VPN Client.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UvA - Informatiseringscentrum CISCO VPN Client.lnk

backup=c:\windows\pss\UvA - Informatiseringscentrum CISCO VPN Client.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk

backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^C Level^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\C Level\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2006-08-04 13:24 90112 -c--a-w- c:\windows\agrsmmsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2006-08-04 13:48 196608 -c--a-w- c:\program files\Apoint2K\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2004-08-04 12:00 110592 -c--a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

2006-08-04 14:38 671744 -c--a-w- c:\program files\Toshiba\E-KEY\CeEKey.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2005-12-10 14:57 133016 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-05-31 04:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

2006-08-04 14:38 28672 -c--a-w- c:\program files\Toshiba\TOSHIBA Applet\HWSetup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-08-04 13:24 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-08-04 13:24 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 22:16 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

2006-08-04 14:38 1081344 -c--a-w- c:\program files\Toshiba\Touch and Launch\PadExe.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 19:02 15141768 -c--a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-09-28 03:13 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-04-11 14:35 2423752 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]

2006-08-04 14:38 65536 -c--a-w- c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-27 22:56 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

2005-08-22 15:49 28672 -c--a-w- c:\windows\system32\TCtrlIOHook.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

2006-08-04 14:38 65536 -c--a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

2006-08-04 14:38 53248 -c--a-w- c:\program files\Toshiba\TouchPad\TPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

2005-08-11 13:33 266240 -c--a-w- c:\windows\system32\TPSMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

2006-08-04 14:38 73728 -c--a-w- c:\program files\Toshiba\Tvs\TvsTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]

2006-11-06 18:31 81920 -c--a-w- c:\windows\system32\PCLECoInst.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

c:\program files\Veoh Networks\Veoh\VeohClient.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

2006-08-04 14:38 114688 -c--a-w- c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]

2005-06-06 08:58 24576 -c--a-w- c:\windows\system32\ZoomingHook.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

c:\program files\Google\Gmail Notifier\gnotify.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"LxrJD31s"=2 (0x2)

"gusvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15334:TCP"= 15334:TCP:BitComet 15334 TCP

"15334:UDP"= 15334:UDP:BitComet 15334 UDP

.

R0 18109242;18109242;c:\windows\system32\drivers\18109242.sys [7/10/2011 11:00 PM 133208]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Messenger32;Messenger ;c:\windows\system32\nlsdl32.exe [7/24/2011 7:48 PM 571904]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]

S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [10/4/2009 11:05 AM 7680]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/25/2010 7:21 PM 41272]

S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [8/3/2006 6:58 PM 161792]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [10/4/2009 11:06 AM 110592]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [10/4/2009 11:06 AM 105344]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/22/2006 12:20 PM 691696]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Find on Wikipedia... - c:\progra~1\WIKISE~1\cm.html

IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm

IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

FF - prefs.js: network.proxy.ftp - 64.66.192.61

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - 64.66.192.61

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61152

FF - prefs.js: network.proxy.socks - 64.66.192.61

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 64.66.192.61

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 4

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-29 21:23

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(724)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-07-29 21:30:52

ComboFix-quarantined-files.txt 2011-07-30 01:30

ComboFix2.txt 2011-07-20 01:37

ComboFix3.txt 2011-07-19 02:32

ComboFix4.txt 2011-07-11 03:24

ComboFix5.txt 2011-07-30 01:13

.

Pre-Run: 202,788,864 bytes free

Post-Run: 221,163,520 bytes free

.

- - End Of File - - 6009CF7301C2941FF335F5D43BCA2C7F

************************************************************************************

DDS

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

Run by C Level at 21:37:39 on 2011-07-29

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.921 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nlsdl32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Dictionary.com: {11359f4a-b191-42d7-905a-594f8cf0387b} - c:\windows\downloaded program files\lexbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: WikiSearch: {44e7ef6c-6f5c-4aaf-a080-7725a27878ed} - c:\progra~1\wikise~1\WIKIPE~1.DLL

TB: Dictionary.com: {11359f4a-b191-42d7-905a-594f8cf0387b} - c:\windows\downloaded program files\lexbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Find on Wikipedia... - c:\progra~1\wikise~1\cm.html

IE: Search &Dictionary - c:\program files\lexico\toolbar\dictionary.htm

IE: Search &Thesaurus - c:\program files\lexico\toolbar\thesaurus.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.17/uploader2.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/24.11/uploader2.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150982717197

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553530800} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - hxxp://dictionary.reference.com/tools/toolbar/lexico.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F640BDAB-ABC9-4E97-96BD-7517A1C2BFE0} : DhcpNameServer = 192.168.1.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\c level\application data\mozilla\firefox\profiles\dqpzpm5z.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

FF - prefs.js: network.proxy.ftp - 64.66.192.61

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - 64.66.192.61

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61152

FF - prefs.js: network.proxy.socks - 64.66.192.61

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 64.66.192.61

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

.

============= SERVICES / DRIVERS ===============

.

R0 18109242;18109242;c:\windows\system32\drivers\18109242.sys [2011-7-10 133208]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Messenger32;Messenger ;c:\windows\system32\nlsdl32.exe [2011-7-24 571904]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys --> c:\windows\system32\drivers\gttap1.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-4 7680]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-25 41272]

S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2006-8-3 161792]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-10-4 110592]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2009-10-4 105344]

.

=============== Created Last 30 ================

.

2011-07-30 01:08:21 54016 -c--a-w- c:\windows\system32\drivers\vmefhbhf.sys

2011-07-24 23:48:24 571904 -c--a-w- c:\windows\system32\nlsdl32.exe

2011-07-24 01:37:04 -------- dc----w- c:\program files\SpywareBlaster

2011-07-23 20:36:22 -------- dc----w- c:\program files\AVAST Software

2011-07-23 20:36:22 -------- dc----w- c:\documents and settings\all users\application data\AVAST Software

2011-07-19 02:12:42 98816 -c--a-w- c:\windows\sed.exe

2011-07-19 02:12:42 518144 -c--a-w- c:\windows\SWREG.exe

2011-07-19 02:12:42 256000 -c--a-w- c:\windows\PEV.exe

2011-07-19 02:12:42 208896 -c--a-w- c:\windows\MBR.exe

2011-07-19 02:11:40 -------- dc----w- C:\ComboFix14055C

2011-07-19 02:06:14 -------- dc----w- C:\ComboFix117583C

2011-07-19 02:01:52 -------- dc----w- C:\ComboFix130564C

2011-07-11 03:31:43 -------- dc----w- C:\ComboFix11498C

2011-07-11 03:00:19 133208 -c--a-w- c:\windows\system32\drivers\18109242.sys

2011-07-11 02:37:21 -------- dc----w- C:\MGtools

2011-07-10 20:01:32 -------- dc----w- C:\ComboFix18274C

2011-07-10 19:50:20 -------- dc----w- C:\ComboFix1

2011-07-10 18:35:41 -------- dc----w- c:\program files\PageRage

.

==================== Find3M ====================

.

2011-07-10 18:36:15 0 -c--a-w- c:\windows\Rnehowubucudi.bin

2011-07-06 23:52:42 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 01:24:37 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 21:38:16.68 ===============


  • Staff

Hi,

Before we continue, please go to VirusTotal, and upload the following files for analysis:

c:\windows\regedit.exe

c:\windows\system32\expand.exe

c:\windows\system32\netsetup.exe

c:\windows\system32\netsh.exe

Post the results in your reply.

Also zip up that file and attach it to your reply.


I do not see any files to save and zip and include as an attachment. Below are the results of the Virus Total analyses.

******************************************************

File name:

regedit.exe

Submission date:

2011-08-07 01:07:40 (UTC)

Current status:

finished

Result:

0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.08.06.00 2011.08.06 -

AntiVir 7.11.12.233 2011.08.05 -

Antiy-AVL 2.0.3.7 2011.08.06 -

Avast 4.8.1351.0 2011.08.06 -

Avast5 5.0.677.0 2011.08.06 -

AVG 10.0.0.1190 2011.08.07 -

BitDefender 7.2 2011.08.07 -

CAT-QuickHeal 11.00 2011.08.06 -

ClamAV 0.97.0.0 2011.08.06 -

Commtouch 5.3.2.6 2011.08.06 -

Comodo 9654 2011.08.06 -

DrWeb 5.0.2.03300 2011.08.06 -

Emsisoft 5.1.0.8 2011.08.06 -

eSafe 7.0.17.0 2011.08.04 -

eTrust-Vet 36.1.8486 2011.08.05 -

F-Prot 4.6.2.117 2011.08.06 -

F-Secure 9.0.16440.0 2011.08.06 -

Fortinet 4.2.257.0 2011.08.07 -

GData 22 2011.08.07 -

Ikarus T3.1.1.104.0 2011.08.06 -

Jiangmin 13.0.900 2011.08.06 -

K7AntiVirus 9.109.4973 2011.08.02 -

Kaspersky 9.0.0.837 2011.08.07 -

McAfee 5.400.0.1158 2011.08.07 -

McAfee-GW-Edition 2010.1D 2011.08.06 -

Microsoft 1.7104 2011.08.06 -

NOD32 6356 2011.08.07 -

Norman 6.07.10 2011.08.06 -

nProtect 2011-08-06.01 2011.08.06 -

Panda 10.0.3.5 2011.08.06 -

PCTools 8.0.0.5 2011.08.07 -

Prevx 3.0 2011.08.07 -

Rising 23.69.03.03 2011.08.04 -

Sophos 4.67.0 2011.08.06 -

SUPERAntiSpyware 4.40.0.1006 2011.08.06 -

Symantec 20111.2.0.82 2011.08.07 -

TheHacker 6.7.0.1.272 2011.08.06 -

TrendMicro 9.200.0.1012 2011.08.06 -

TrendMicro-HouseCall 9.200.0.1012 2011.08.07 -

VBA32 3.12.16.4 2011.08.06 -

VIPRE 10089 2011.08.07 -

ViRobot 2011.8.6.4609 2011.08.06 -

VirusBuster 14.0.155.0 2011.08.06 -

Additional information

MD5 : feb2251a0a5e4abb83fa0d2012c7754b

SHA1 : 2881e3ca8e57d12b78da65e32616c1fd09667407

SHA256: c86f985457ae1ff1b9b099414fb5bc48ddb8364bea5c1b18ca9e8ddbeeb0a679

***************************************************************

File name:

expand.exe

Submission date:

2011-08-07 01:23:51 (UTC)

Current status:

finished

Result:

0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.08.06.00 2011.08.06 -

AntiVir 7.11.12.233 2011.08.05 -

Antiy-AVL 2.0.3.7 2011.08.06 -

Avast 4.8.1351.0 2011.08.06 -

Avast5 5.0.677.0 2011.08.06 -

AVG 10.0.0.1190 2011.08.07 -

BitDefender 7.2 2011.08.07 -

CAT-QuickHeal 11.00 2011.08.06 -

ClamAV 0.97.0.0 2011.08.06 -

Commtouch 5.3.2.6 2011.08.06 -

Comodo 9654 2011.08.06 -

DrWeb 5.0.2.03300 2011.08.06 -

Emsisoft 5.1.0.8 2011.08.06 -

eSafe 7.0.17.0 2011.08.04 -

eTrust-Vet 36.1.8486 2011.08.05 -

F-Prot 4.6.2.117 2011.08.06 -

F-Secure 9.0.16440.0 2011.08.06 -

Fortinet 4.2.257.0 2011.08.07 -

GData 22 2011.08.07 -

Ikarus T3.1.1.104.0 2011.08.06 -

Jiangmin 13.0.900 2011.08.06 -

K7AntiVirus 9.109.4973 2011.08.02 -

Kaspersky 9.0.0.837 2011.08.07 -

McAfee 5.400.0.1158 2011.08.07 -

McAfee-GW-Edition 2010.1D 2011.08.06 -

Microsoft 1.7104 2011.08.06 -

NOD32 6356 2011.08.07 -

Norman 6.07.10 2011.08.06 -

nProtect 2011-08-06.01 2011.08.06 -

Panda 10.0.3.5 2011.08.06 -

PCTools 8.0.0.5 2011.08.07 -

Prevx 3.0 2011.08.07 -

Rising 23.69.03.03 2011.08.04 -

Sophos 4.67.0 2011.08.06 -

SUPERAntiSpyware 4.40.0.1006 2011.08.06 -

Symantec 20111.2.0.82 2011.08.07 -

TheHacker 6.7.0.1.272 2011.08.06 -

TrendMicro 9.200.0.1012 2011.08.06 -

TrendMicro-HouseCall 9.200.0.1012 2011.08.07 -

VBA32 3.12.16.4 2011.08.06 -

VIPRE 10089 2011.08.07 -

ViRobot 2011.8.6.4609 2011.08.06 -

VirusBuster 14.0.155.0 2011.08.06 -

Additional information

MD5 : 0113d212bcc20774d8b98e76625b42da

SHA1 : eab2d9e8ea07bf755adb32cfcdd7d5233c8e665e

SHA256: 2ab0a1e7533fe5f7a89c3011fc846cc85b198546dbb195d0fd479d37d23298a0

************************************************************************

File name:

netsetup.exe

Submission date:

2011-08-07 01:26:32 (UTC)

Current status:

finished

Result:

1/ 43 (2.3%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.08.06.00 2011.08.06 -

AntiVir 7.11.12.233 2011.08.05 -

Antiy-AVL 2.0.3.7 2011.08.06 -

Avast 4.8.1351.0 2011.08.06 -

Avast5 5.0.677.0 2011.08.06 -

AVG 10.0.0.1190 2011.08.07 -

BitDefender 7.2 2011.08.07 -

CAT-QuickHeal 11.00 2011.08.06 -

ClamAV 0.97.0.0 2011.08.06 -

Commtouch 5.3.2.6 2011.08.06 -

Comodo 9654 2011.08.06 -

DrWeb 5.0.2.03300 2011.08.06 -

Emsisoft 5.1.0.8 2011.08.06 -

eSafe 7.0.17.0 2011.08.04 Win32.Banker

eTrust-Vet 36.1.8486 2011.08.05 -

F-Prot 4.6.2.117 2011.08.06 -

F-Secure 9.0.16440.0 2011.08.06 -

Fortinet 4.2.257.0 2011.08.07 -

GData 22 2011.08.07 -

Ikarus T3.1.1.104.0 2011.08.06 -

Jiangmin 13.0.900 2011.08.06 -

K7AntiVirus 9.109.4973 2011.08.02 -

Kaspersky 9.0.0.837 2011.08.07 -

McAfee 5.400.0.1158 2011.08.07 -

McAfee-GW-Edition 2010.1D 2011.08.06 -

Microsoft 1.7104 2011.08.06 -

NOD32 6356 2011.08.07 -

Norman 6.07.10 2011.08.06 -

nProtect 2011-08-06.01 2011.08.06 -

Panda 10.0.3.5 2011.08.06 -

PCTools 8.0.0.5 2011.08.07 -

Prevx 3.0 2011.08.07 -

Rising 23.69.03.03 2011.08.04 -

Sophos 4.67.0 2011.08.06 -

SUPERAntiSpyware 4.40.0.1006 2011.08.06 -

Symantec 20111.2.0.82 2011.08.07 -

TheHacker 6.7.0.1.272 2011.08.06 -

TrendMicro 9.200.0.1012 2011.08.06 -

TrendMicro-HouseCall 9.200.0.1012 2011.08.07 -

VBA32 3.12.16.4 2011.08.06 -

VIPRE 10089 2011.08.07 -

ViRobot 2011.8.6.4609 2011.08.06 -

VirusBuster 14.0.155.0 2011.08.06 -

Additional information

MD5 : cf4136f8e60f0700aab57bc145accb9e

SHA1 : a29b0945e5ae93c88abb573b14dcc3e03a6c6528

SHA256: 6a4a10b81a5c1efae89fe76066db0fe66f2341c470490a951d12cf149ad6fdfd

******************************************************

File name:

netsh.exe

Submission date:

2011-08-07 01:29:07 (UTC)

Current status:

finished

Result:

0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -


Antivirus Version Last Update Result

AhnLab-V3 2011.08.06.00 2011.08.06 -

AntiVir 7.11.12.233 2011.08.05 -

Antiy-AVL 2.0.3.7 2011.08.06 -

Avast 4.8.1351.0 2011.08.06 -

Avast5 5.0.677.0 2011.08.06 -

AVG 10.0.0.1190 2011.08.07 -

BitDefender 7.2 2011.08.07 -

CAT-QuickHeal 11.00 2011.08.06 -

ClamAV 0.97.0.0 2011.08.06 -

Commtouch 5.3.2.6 2011.08.06 -

Comodo 9654 2011.08.06 -

DrWeb 5.0.2.03300 2011.08.06 -

Emsisoft 5.1.0.8 2011.08.06 -

eSafe 7.0.17.0 2011.08.04 -

eTrust-Vet 36.1.8486 2011.08.05 -

F-Prot 4.6.2.117 2011.08.06 -

F-Secure 9.0.16440.0 2011.08.06 -

Fortinet 4.2.257.0 2011.08.07 -

GData 22 2011.08.07 -

Ikarus T3.1.1.104.0 2011.08.06 -

Jiangmin 13.0.900 2011.08.06 -

K7AntiVirus 9.109.4973 2011.08.02 -

Kaspersky 9.0.0.837 2011.08.07 -

McAfee 5.400.0.1158 2011.08.07 -

McAfee-GW-Edition 2010.1D 2011.08.06 -

Microsoft 1.7104 2011.08.06 -

NOD32 6356 2011.08.07 -

Norman 6.07.10 2011.08.06 -

nProtect 2011-08-06.01 2011.08.06 -

Panda 10.0.3.5 2011.08.06 -

PCTools 8.0.0.5 2011.08.07 -

Prevx 3.0 2011.08.07 -

Rising 23.69.03.03 2011.08.04 -

Sophos 4.67.0 2011.08.06 -

SUPERAntiSpyware 4.40.0.1006 2011.08.06 -

Symantec 20111.2.0.82 2011.08.07 -

TheHacker 6.7.0.1.272 2011.08.06 -

TrendMicro 9.200.0.1012 2011.08.06 -

TrendMicro-HouseCall 9.200.0.1012 2011.08.07 -

VBA32 3.12.16.4 2011.08.06 -

VIPRE 10089 2011.08.07 -

ViRobot 2011.8.6.4609 2011.08.06 -

VirusBuster 14.0.155.0 2011.08.06 -

Additional information

MD5 : 260d1f3e02bda4512131f1e5e86d7cc4

SHA1 : 455f928ce7062039a83853ddaec0182d552d9d91

SHA256: a2a555a15b6d283c5aae308a2d486fff85485cde48947abcb6294e2648f0268b


If it helps, in addition to the Google redirect, there is now a window that shows up when I go to certain websites called "Drop Down Deal" that I did not intentionally install. I don't know if these issues are related.

***********************************************************************************************************

ComboFix 11-08-12.01 - C Level 08/12/2011 18:43:17.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1114 [GMT -4:00]

Running from: c:\documents and settings\C Level\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{36317ce6-36f1-4ab5-b99c-ecdce6342126}

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{36317ce6-36f1-4ab5-b99c-ecdce6342126}\chrome.manifest

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{36317ce6-36f1-4ab5-b99c-ecdce6342126}\chrome\xulcache.jar

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{36317ce6-36f1-4ab5-b99c-ecdce6342126}\defaults\preferences\xulcache.js

c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\extensions\{36317ce6-36f1-4ab5-b99c-ecdce6342126}\install.rdf

c:\documents and settings\C Level\iapcyurvze.tmp

.

c:\windows\regedit.exe . . . is infected!!

.

c:\windows\system32\expand.exe . . . is infected!!

.

c:\windows\system32\netsetup.exe . . . is infected!!

.

c:\windows\system32\netsh.exe . . . is infected!!

.

c:\windows\system32\netstat.exe . . . is infected!!

.

c:\windows\system32\ntsd.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))

.

.

2011-08-12 22:35 . 2011-07-24 23:48 571904 -c----w- c:\windows\system32\avtapi32.exe

2011-07-24 23:48 . 2011-07-24 23:48 571904 -c--a-w- c:\windows\system32\nlsdl32.exe

2011-07-24 01:37 . 2011-07-24 01:38 -------- dc----w- c:\program files\SpywareBlaster

2011-07-23 20:36 . 2011-07-24 01:22 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-07-23 20:36 . 2011-07-23 20:36 -------- dc----w- c:\program files\AVAST Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-23 17:32 . 2011-07-11 02:37 200453 -c--a-w- C:\MGlogs.zip

2011-07-11 09:11 . 2011-07-11 03:00 133208 -c--a-w- c:\windows\system32\drivers\18109242.sys

2011-07-06 23:52 . 2010-07-25 23:21 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-07-25 23:21 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 01:24 . 2011-06-25 01:24 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-25 01:19 . 2011-05-08 16:11 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regedit.exe

[-] 2006-08-04 . FEB2251A0A5E4ABB83FA0D2012C7754B . 146432 . . [5.1.2600.2180] . . c:\windows\regedit.exe

.

((((((((((((((((((((((((((((( SnapShot@2011-07-30_01.24.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-12 22:35 . 2011-08-12 22:35 16384 c:\windows\temp\Perflib_Perfdata_5fc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [bU]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2006-10-04 53760]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UvA - Informatiseringscentrum CISCO VPN Client.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UvA - Informatiseringscentrum CISCO VPN Client.lnk

backup=c:\windows\pss\UvA - Informatiseringscentrum CISCO VPN Client.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk

backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^C Level^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\C Level\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2006-08-04 13:24 90112 -c--a-w- c:\windows\agrsmmsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2006-08-04 13:48 196608 -c--a-w- c:\program files\Apoint2K\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2004-08-04 12:00 110592 -c--a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]

2006-08-04 14:38 671744 -c--a-w- c:\program files\Toshiba\E-KEY\CeEKey.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2005-12-10 14:57 133016 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16 357696 -c--a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]

c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2005-05-31 04:33 122941 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]

2006-08-04 14:38 28672 -c--a-w- c:\program files\Toshiba\TOSHIBA Applet\HWSetup.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-08-04 13:24 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-08-04 13:24 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 22:16 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]

2006-08-04 14:38 1081344 -c--a-w- c:\program files\Toshiba\Touch and Launch\PadExe.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 19:02 15141768 -c--a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-09-28 03:13 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-04-11 14:35 2423752 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]

2006-08-04 14:38 65536 -c--a-w- c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-27 22:56 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]

2005-08-22 15:49 28672 -c--a-w- c:\windows\system32\TCtrlIOHook.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

2006-08-04 14:38 65536 -c--a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]

2006-08-04 14:38 53248 -c--a-w- c:\program files\Toshiba\TouchPad\TPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]

2005-08-11 13:33 266240 -c--a-w- c:\windows\system32\TPSMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]

2006-08-04 14:38 73728 -c--a-w- c:\program files\Toshiba\Tvs\TvsTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]

2006-11-06 18:31 81920 -c--a-w- c:\windows\system32\PCLECoInst.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

c:\program files\Veoh Networks\Veoh\VeohClient.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

2006-08-04 14:38 114688 -c--a-w- c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]

2005-06-06 08:58 24576 -c--a-w- c:\windows\system32\ZoomingHook.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

c:\program files\Google\Gmail Notifier\gnotify.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"LxrJD31s"=2 (0x2)

"gusvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15334:TCP"= 15334:TCP:BitComet 15334 TCP

"15334:UDP"= 15334:UDP:BitComet 15334 UDP

.

R0 18109242;18109242;c:\windows\system32\drivers\18109242.sys [7/10/2011 11:00 PM 133208]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Messenger32;Messenger ;c:\windows\system32\nlsdl32.exe [7/24/2011 7:48 PM 571904]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]

S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [10/4/2009 11:05 AM 7680]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/25/2010 7:21 PM 41272]

S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [8/3/2006 6:58 PM 161792]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [10/4/2009 11:06 AM 110592]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [10/4/2009 11:06 AM 105344]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/22/2006 12:20 PM 691696]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Find on Wikipedia... - c:\progra~1\WIKISE~1\cm.html

IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm

IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\C Level\Application Data\Mozilla\Firefox\Profiles\dqpzpm5z.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

FF - prefs.js: network.proxy.ftp - 64.66.192.61

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - 64.66.192.61

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61152

FF - prefs.js: network.proxy.socks - 64.66.192.61

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 64.66.192.61

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 4

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-12 18:51

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(724)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2011-08-12 18:55:58

ComboFix-quarantined-files.txt 2011-08-12 22:55

ComboFix2.txt 2011-07-30 01:30

ComboFix3.txt 2011-07-20 01:37

ComboFix4.txt 2011-07-19 02:32

ComboFix5.txt 2011-08-12 22:41

.

Pre-Run: 402,345,984 bytes free

Post-Run: 409,792,512 bytes free

.

- - End Of File - - A153EC6B9859C319B6DBA042090834AE

*******************************************************

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

Run by C Level at 18:57:27 on 2011-08-12

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1043 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nlsdl32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\avtapi32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Dictionary.com: {11359f4a-b191-42d7-905a-594f8cf0387b} - c:\windows\downloaded program files\lexbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: WikiSearch: {44e7ef6c-6f5c-4aaf-a080-7725a27878ed} - c:\progra~1\wikise~1\WIKIPE~1.DLL

TB: Dictionary.com: {11359f4a-b191-42d7-905a-594f8cf0387b} - c:\windows\downloaded program files\lexbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Find on Wikipedia... - c:\progra~1\wikise~1\cm.html

IE: Search &Dictionary - c:\program files\lexico\toolbar\dictionary.htm

IE: Search &Thesaurus - c:\program files\lexico\toolbar\thesaurus.htm

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab

DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.17/uploader2.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/24.11/uploader2.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150982717197

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553530800} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - hxxp://dictionary.reference.com/tools/toolbar/lexico.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F640BDAB-ABC9-4E97-96BD-7517A1C2BFE0} : DhcpNameServer = 192.168.1.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\c level\application data\mozilla\firefox\profiles\dqpzpm5z.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

FF - prefs.js: network.proxy.ftp - 64.66.192.61

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher - 64.66.192.61

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61152

FF - prefs.js: network.proxy.socks - 64.66.192.61

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl - 64.66.192.61

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101040100&s=

.

============= SERVICES / DRIVERS ===============

.

R0 18109242;18109242;c:\windows\system32\drivers\18109242.sys [2011-7-10 133208]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Messenger32;Messenger ;c:\windows\system32\nlsdl32.exe [2011-7-24 571904]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys --> c:\windows\system32\drivers\gttap1.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-4 7680]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-25 41272]

S3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [2006-8-3 161792]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-10-4 110592]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2009-10-4 105344]

.

=============== Created Last 30 ================

.

2011-08-12 22:35:06 571904 -c----w- c:\windows\system32\avtapi32.exe

2011-07-24 23:48:24 571904 -c--a-w- c:\windows\system32\nlsdl32.exe

2011-07-24 01:37:04 -------- dc----w- c:\program files\SpywareBlaster

2011-07-23 20:36:22 -------- dc----w- c:\program files\AVAST Software

2011-07-23 20:36:22 -------- dc----w- c:\documents and settings\all users\application data\AVAST Software

2011-07-19 02:12:42 98816 -c--a-w- c:\windows\sed.exe

2011-07-19 02:12:42 518144 -c--a-w- c:\windows\SWREG.exe

2011-07-19 02:12:42 256000 -c--a-w- c:\windows\PEV.exe

2011-07-19 02:12:42 208896 -c--a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2011-07-11 09:11:43 133208 -c--a-w- c:\windows\system32\drivers\18109242.sys

2011-07-10 18:36:15 0 -c--a-w- c:\windows\Rnehowubucudi.bin

2011-07-06 23:52:42 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 01:24:37 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 18:58:07.79 ===============

attach12 august.zip


  • Staff

Hi,

Just saw this.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

It's likely why your issue began in the first place.

This goes for BitComet and anything else you may have installed.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
