Help - Search - Members - Calendar
Full Version: Win32Backdoor.TDSS
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
XZED
Feb 16 2009, 07:47 PM
I was told to post a HJT log here from this thread:
http://www.lavasoftsupport.com/index.php?showtopic=23676

I did post a HJT log Here:
http://www.lavasoftsupport.com/index.php?showtopic=23730
but it must have slipped through the cracks and so I am trying again.



Here are some other tid-bits on this:
1. Since discovering the issue, I disconnected to computer from the internet. I am using a clean computer to get to this forum and download tools.

2. I tried to install SP3 (it had already been downloaded for a while, I just did not let it install because I was affraid some of my programs would not be compatible with the upgrade yet.) It seemed to be working when all of a sudden a pop-up said that the install failed. But it still prompted for a rebbot. I rebooted and now I have something called MS antimalware 2009 telling me that I have 16 detectiond but I need to pay money to have them removed.... yeah right!

3.This seems to be a very nasty one because it somehow is preventing me from installing tools to fix it. Even if I use a clean computer to download the install package of a tool, when I try to install the tool on the infected computer nothing happens. I click in the install file and NOTHING happens! Even HJT did not install. Luckily I was able to download the .exe directly and that worked.


So, I am in a real fix here and need my hand held with a walk-through. If you are looking for a challenge, I am sure this is it.

Thanks for reading. Here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:55 PM, on 2/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\John NX1Z\Desktop\sdsetup.exe
C:\Documents and Settings\John NX1Z\Desktop\Maleware Command Post\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135229339093
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 11579 bytes
Rorschach112
Feb 17 2009, 12:31 AM
hello

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.





Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.
XZED
Feb 17 2009, 04:50 AM
Rorschach112,

Thank you for your reply!

I thought you should know:
BEFORE your reply I downloaded MalwareBytesAM from a clean computer and ran it on the infected computer (I had to rename the app to get it to install and work). But, since the infected computer is still disconnected from the internet (for now) MBAM was not able to download any updates and ran "as is". I have the log file from MBAM. If you think that it will be useful, let me know and I will post it.

So, I downloaded SDFix from my clean computer and ran it on the infected computer. It ran, rebooted and restarted as expected but did not finish as expected. I walked away from the computer while it was in the finishing process. About an hour later, I came back to the computer and the program was no longer running. I could move the mouse cursor but the icons had not loaded. Just a black screen with "Safe Mode" in each corner and the windows version listed at the top. I let it sit that way for a long while but nothing ever happened. I pressed the space bar (in case it was waiting for any key press) but nothing. I was able to open the task manager: CPU usage was zero, there were no apps listed and no sign of SDFix in the processes list. So, I selected restart from the TM. I then went and got the SDFix report manually after the computer restarted. Here it is (does it look like it is complete?):


SDFix: Version 1.240
Run by John NX1Z on Mon 02/16/2009 at 09:16 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds - Deleted
C:\WINDOWS\system32\drivers\TDSSrvdc.sys - Deleted
C:\WINDOWS\system32\TDSSkfkl.dll - Deleted
C:\WINDOWS\system32\TDSSurxb.dll - Deleted
C:\WINDOWS\system32\TDSSlaha.dll - Deleted
C:\WINDOWS\system32\TDSSoxum.dll - Deleted
C:\WINDOWS\system32\TDSSxehr.dll - Deleted
C:\WINDOWS\system32\TDSSweat.dat - Deleted
C:\WINDOWS\system32\TDSSshkx.log - Deleted
C:\WINDOWS\system32\TDSSqrde.log - Deleted
C:\WINDOWS\system32\twain_32\user.ds.cla - Deleted



Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed
Folder C:\WINDOWS\system32\twain_32 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 21:45:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\K1RFD\\EchoLink\\EchoLink.exe"="C:\\Program Files\\K1RFD\\EchoLink\\EchoLink.exe:*:Enabled:EchoLink"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Disabled:NIE - Toshiba Software Upgrade Engine"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Disabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Gaming Zone\\zclient.exe"="C:\\Program Files\\MSN Gaming Zone\\zclient.exe:*:Disabled:Zone Datafile"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 7 Nov 2005 30,720 ...HR --- "C:\WINDOWS\CdaC13BA.EXE"
Mon 7 Nov 2005 112,128 ...HR --- "C:\WINDOWS\CdaC14BA.DLL"
Mon 7 Feb 2005 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Mon 7 Feb 2005 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Mon 7 Feb 2005 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Tue 30 May 2006 61,952 ...H. --- "C:\Program Files\MSN\msnupdate!@#@.exe"
Tue 30 May 2006 308,224 ...H. --- "C:\Program Files\MSN\txsrvc.dll"
Tue 30 May 2006 302,592 ...H. --- "C:\Program Files\MSN\unicows.dll"
Mon 24 Nov 2008 34,816 ..SHR --- "C:\WINDOWS\system32\12520850c.exe"
Thu 9 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Oct 2005 71,680 ..SHR --- "C:\Program Files\Makayama.com\iPod Media Studio - Demo\Setup.exe"
Wed 1 Aug 2007 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Wed 1 Aug 2007 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Thu 1 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Analogic\Application Data\U3\temp\Launchpad Removal.exe"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\John NX1Z\Application Data\U3\temp\Launchpad Removal.exe"
Tue 30 Nov 2004 253,952 A..HR --- "C:\Documents and Settings\All Users\Documents\256 Jump Drive\jump\PocketCache Trial Version\BackupRestoreBus.dll"
Tue 30 Nov 2004 253,952 A..HR --- "C:\Documents and Settings\John NX1Z\My Documents\FILES\Long Term Storage\original folders\PocketCache Trial Version\BackupRestoreBus.dll"
Fri 29 Oct 2004 53,248 A..H. --- "C:\Documents and Settings\John NX1Z\My Documents\FILES\Long Term Storage\SecurDataStorRM\Files\CopyFile.exe"
Fri 29 Oct 2004 30,133 A..H. --- "C:\Documents and Settings\John NX1Z\My Documents\FILES\Long Term Storage\SecurDataStorRM\Files\msghxx.dllz"
Fri 29 Oct 2004 180,700 A..H. --- "C:\Documents and Settings\John NX1Z\My Documents\FILES\Long Term Storage\SecurDataStorRM\Files\MSVCR71.DLLz"
Fri 29 Oct 2004 1,671,168 A..H. --- "C:\Documents and Settings\John NX1Z\My Documents\FILES\Long Term Storage\SecurDataStorRM\Files\SecurDataStor.exe"
Fri 29 Oct 2004 84,576 A..H. --- "C:\Documents and Settings\John NX1Z\My Documents\FILES\Long Term Storage\SecurDataStorRM\Files\Viewer.exez"
Fri 29 Oct 2004 53,248 A..H. --- "C:\Documents and Settings\John NX1Z\Desktop\Decktop Cleanup\My MISC\Licias Jump drive\SecurDataStorRM\Files\CopyFile.exe"
Fri 29 Oct 2004 30,133 A..H. --- "C:\Documents and Settings\John NX1Z\Desktop\Decktop Cleanup\My MISC\Licias Jump drive\SecurDataStorRM\Files\msghxx.dllz"
Fri 29 Oct 2004 180,700 A..H. --- "C:\Documents and Settings\John NX1Z\Desktop\Decktop Cleanup\My MISC\Licias Jump drive\SecurDataStorRM\Files\MSVCR71.DLLz"
Fri 29 Oct 2004 1,671,168 A..H. --- "C:\Documents and Settings\John NX1Z\Desktop\Decktop Cleanup\My MISC\Licias Jump drive\SecurDataStorRM\Files\SecurDataStor.exe"
Fri 29 Oct 2004 84,576 A..H. --- "C:\Documents and Settings\John NX1Z\Desktop\Decktop Cleanup\My MISC\Licias Jump drive\SecurDataStorRM\Files\Viewer.exez"
Sun 5 May 2002 151,552 A..H. --- "C:\Documents and Settings\Analogic\My Documents\Personal\RADIO\HAM Radio\SORT\VX-5\ADMS\vx-5.exe"

Finished!

/John
Rorschach112
Feb 17 2009, 04:15 PM
hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


XZED
Feb 18 2009, 02:11 AM
I cant turn off my virus protection. When I try I get a pop-up that says "The setting cannot be changed because of an error.

------
To attempt shut off I went to advanced menu, Configure, Computer & Files and there is a radio button disable virus protection. Cant make it work.
-------

I started ComboFix and it downloaded updates and the MS Recovery Installation stuff went good. When it asked if I wanted to scan for problems I said no because I cant shut off my virus scan. Should I just let ComboFix run?
XZED
Feb 18 2009, 03:18 AM
Well, I ran it in safe mode. It showed that it backed-up the registry. Then I was surprised when it said that it needed an internet connection to download the MS Recovery stuff again. I figured that if I said NO (since I was in safe mode i had NO networking) that it would let me opt out of the scan so I could set up the internet connection again. Instead, when I said NO to the download it just started scanning....OOpps. I figured I would do more damage if I stopped the scan so I let it run.

Here is the log:
ComboFix 09-02-17.01 - John NX1Z 2009-02-17 20:46:31.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.348 [GMT -5:00]
Running from: c:\documents and settings\John NX1Z\Desktop\ComboFix99.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\12520850c.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ERSVCSECLOGON
-------\Legacy_TDSSSERV.SYS
-------\Service_ERSvcseclogon


((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-16 21:07 . 2009-02-16 21:07 <DIR> d-------- c:\windows\ERUNT
2009-02-16 20:51 . 2009-02-16 21:54 <DIR> d-------- C:\SDFix
2009-02-16 19:35 . 2009-02-16 19:35 <DIR> d-------- c:\documents and settings\John NX1Z\Application Data\Malwarebytes
2009-02-16 19:24 . 2009-02-16 19:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 18:46 . 2009-02-16 19:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malwarexxx
2009-02-16 18:46 . 2009-02-16 18:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 18:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 18:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 20:37 . 2009-02-07 21:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\U3
2009-02-06 21:50 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-06 21:22 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-06 21:15 . 2009-02-06 21:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-06 21:15 . 2009-02-06 21:15 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-03 20:15 . 2009-02-03 20:15 <DIR> d-------- c:\documents and settings\John NX1Z\Application Data\Move Networks
2009-01-23 17:46 . 2009-01-23 17:46 61,440 --a------ c:\windows\system32\TDSSncur.dll
2009-01-23 17:46 . 2009-01-23 17:46 35,840 --a------ c:\windows\system32\TDSSoipa.dll
2009-01-23 17:46 . 2009-01-23 17:46 2,201 --a------ c:\windows\system32\TDSSqxgx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 18:54 --------- d-----w c:\documents and settings\John NX1Z\Application Data\U3
2009-02-16 02:19 --------- d-----w c:\program files\AIM
2009-02-16 02:18 --------- d-----w c:\program files\Common Files\Adobe
2009-02-16 02:16 --------- d-----w c:\program files\Lavasoft
2009-02-16 02:16 --------- d-----w c:\documents and settings\John NX1Z\Application Data\Lavasoft
2009-02-16 02:12 --------- d-----w c:\program files\Microsoft Games
2009-01-10 00:44 --------- d-----w c:\program files\Verizon
2008-12-31 18:10 --------- d-----w c:\program files\iTunes
2008-12-31 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 18:09 --------- d-----w c:\program files\iPod
2008-12-31 18:07 --------- d-----w c:\program files\Bonjour
2008-12-31 18:06 --------- d-----w c:\program files\QuickTime
2008-12-31 18:02 --------- d-----w c:\program files\Common Files\Apple
2005-12-04 23:45 12,529 ----a-w c:\program files\ST6UNST.LOG
2005-10-16 02:28 964 ----a-w c:\documents and settings\John NX1Z\Application Data\wklnhst.dat
2005-10-03 19:02 49,590,501 ----a-w c:\documents and settings\John NX1Z\Fonts.zip
2005-09-04 01:35 0 ---ha-w c:\documents and settings\John NX1Z\hpothb07.dat
2003-08-27 21:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll
2001-01-18 04:30 4,771,840 ----a-w c:\program files\ws780.exe
2000-12-24 00:13 1,560 ----a-w c:\program files\trs_results.htm
.

------- Sigcheck -------

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 1cc09561e21a48a7f649a40f18235860 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 1cc09561e21a48a7f649a40f18235860 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-01 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 675840]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 50688]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 28672]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 36904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-07-13 582992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"TCtryIOHook"="TCtrlIOHook.exe" [2004-05-01 c:\windows\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 c:\windows\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 c:\windows\system32\TPSMain.exe]
"ZoomingHook"="ZoomingHook.exe" [2004-05-01 c:\windows\system32\ZoomingHook.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\John NX1Z\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-05-23 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 13:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\K1RFD\\EchoLink\\EchoLink.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Gaming Zone\\zclient.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-06 64160]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S2 devdpl;devdpl;c:\windows\system32\drivers\devdpl.sys [2005-12-22 7168]
S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPortIO.SYS [2008-06-27 3584]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S2 litdpl;litdpl;c:\windows\system32\drivers\litdpl.sys [2005-12-22 4736]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-09-27 10664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
\Shell\AutoRun\command - Y:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-16 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (NX1Z-Administrator NX1Z).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-07-25 14:10]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-07-25 14:10]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\John NX1Z\Application Data\Mozilla\Firefox\Profiles\60bm3ncm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\John NX1Z\Application Data\Mozilla\Firefox\Profiles\60bm3ncm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 20:56:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcods.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-17 21:06:05 - machine was rebooted [John NX1Z]
ComboFix-quarantined-files.txt 2009-02-18 02:06:01

Pre-Run: 14,931,361,792 bytes free
Post-Run: 14,915,973,120 bytes free

229 --- E O F --- 2009-02-16 02:25:54

Rorschach112
Feb 18 2009, 03:08 PM
hello

Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.lavasoftsupport.com/index.php?showtopic=23888

Collect::
c:\windows\system32\TDSSncur.dll
c:\windows\system32\TDSSoipa.dll
c:\windows\system32\TDSSqxgx.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]

Suspect::


Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


XZED
Feb 19 2009, 12:29 AM
Rorschach112

I followed your last post to a T. Currently, the log is open, but the icons on my desktop have not loaded. The computer is just sitting like that. Is CF done?
Rorschach112
Feb 19 2009, 12:47 AM
reboot and post its log from C:\ComboFix.txt
XZED
Feb 19 2009, 01:07 AM
ComboFix 09-02-17.01 - John NX1Z 2009-02-18 18:13:26.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.328 [GMT -5:00]
Running from: c:\documents and settings\John NX1Z\Desktop\xzed1.exe
Command switches used :: c:\documents and settings\John NX1Z\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSSncur.dll
c:\windows\system32\TDSSoipa.dll
c:\windows\system32\TDSSqxgx.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-17 20:45 . 2009-02-17 21:06 <DIR> d-------- C:\ComboFix99
2009-02-16 21:07 . 2009-02-16 21:07 <DIR> d-------- c:\windows\ERUNT
2009-02-16 20:51 . 2009-02-16 21:54 <DIR> d-------- C:\SDFix
2009-02-16 19:35 . 2009-02-16 19:35 <DIR> d-------- c:\documents and settings\John NX1Z\Application Data\Malwarebytes
2009-02-16 19:24 . 2009-02-16 19:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 18:46 . 2009-02-16 19:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malwarexxx
2009-02-16 18:46 . 2009-02-16 18:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 18:46 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 18:46 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-07 20:37 . 2009-02-07 21:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\U3
2009-02-06 21:50 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-06 21:22 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-06 21:15 . 2009-02-06 21:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-06 21:15 . 2009-02-06 21:15 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-03 20:15 . 2009-02-03 20:15 <DIR> d-------- c:\documents and settings\John NX1Z\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 18:54 --------- d-----w c:\documents and settings\John NX1Z\Application Data\U3
2009-02-16 02:19 --------- d-----w c:\program files\AIM
2009-02-16 02:18 --------- d-----w c:\program files\Common Files\Adobe
2009-02-16 02:16 --------- d-----w c:\program files\Lavasoft
2009-02-16 02:16 --------- d-----w c:\documents and settings\John NX1Z\Application Data\Lavasoft
2009-02-16 02:12 --------- d-----w c:\program files\Microsoft Games
2009-01-10 00:44 --------- d-----w c:\program files\Verizon
2008-12-31 18:10 --------- d-----w c:\program files\iTunes
2008-12-31 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 18:09 --------- d-----w c:\program files\iPod
2008-12-31 18:07 --------- d-----w c:\program files\Bonjour
2008-12-31 18:06 --------- d-----w c:\program files\QuickTime
2008-12-31 18:02 --------- d-----w c:\program files\Common Files\Apple
2005-12-04 23:45 12,529 ----a-w c:\program files\ST6UNST.LOG
2005-10-16 02:28 964 ----a-w c:\documents and settings\John NX1Z\Application Data\wklnhst.dat
2005-10-03 19:02 49,590,501 ----a-w c:\documents and settings\John NX1Z\Fonts.zip
2005-09-04 01:35 0 ---ha-w c:\documents and settings\John NX1Z\hpothb07.dat
2003-08-27 21:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll
2001-01-18 04:30 4,771,840 ----a-w c:\program files\ws780.exe
2000-12-24 00:13 1,560 ----a-w c:\program files\trs_results.htm
.

------- Sigcheck -------

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 1cc09561e21a48a7f649a40f18235860 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 1cc09561e21a48a7f649a40f18235860 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-08 36904]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 28672]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 50688]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-07-13 582992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-01 155648]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 28672]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-01 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 675840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"ZoomingHook"="ZoomingHook.exe" [2004-05-01 c:\windows\system32\ZoomingHook.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"TCtryIOHook"="TCtrlIOHook.exe" [2004-05-01 c:\windows\system32\TCtrlIOHook.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 c:\windows\agrsmmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-05-23 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 13:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\K1RFD\\EchoLink\\EchoLink.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MSN Gaming Zone\\zclient.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-06 64160]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S2 devdpl;devdpl;c:\windows\system32\drivers\devdpl.sys [2005-12-22 7168]
S2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPortIO.SYS [2008-06-27 3584]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S2 litdpl;litdpl;c:\windows\system32\drivers\litdpl.sys [2005-12-22 4736]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-09-27 10664]
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-16 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (NX1Z-Administrator NX1Z).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-07-25 14:10]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-07-25 14:10]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\John NX1Z\Application Data\Mozilla\Firefox\Profiles\60bm3ncm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\John NX1Z\Application Data\Mozilla\Firefox\Profiles\60bm3ncm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 18:14:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-02-18 18:17:35
ComboFix-quarantined-files.txt 2009-02-18 23:16:19
ComboFix2.txt 2009-02-18 02:06:06

Pre-Run: 15,332,356,096 bytes free
Post-Run: 15,319,134,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:network

211 --- E O F --- 2009-02-16 02:25:54
Rorschach112
Feb 19 2009, 02:53 AM
hello

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
XZED
Feb 19 2009, 07:14 AM
Here are the 2 logs.
How do things look?

=====================================

Malwarebytes' Anti-Malware 1.34
Database version: 1778
Windows 5.1.2600 Service Pack 2

2/18/2009 9:25:02 PM
mbam-log-2009-02-18 (21-25-02).txt

Scan type: Quick Scan
Objects scanned: 91749
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


========================================================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 19, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, February 19, 2009 03:36:26
Records in database: 1813905
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 208297
Threat name: 14
Infected objects: 21
Suspicious objects: 0
Duration of the scan: 02:45:50


File name / Threat name / Threats count
C:\Documents and Settings\John NX1Z\My Documents\Licias Computer Fix\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaql 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\12520850c.exe.vir Infected: Trojan-Downloader.Win32.Agent.asii 1
C:\Qoobox\Quarantine\[4]-Submit_2009-02-18@18.13.zip Infected: Rootkit.Win32.TDSS.dbg 1
C:\Qoobox\Quarantine\[4]-Submit_2009-02-18@18.13.zip Infected: Backdoor.Win32.TDSS.blh 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.bkw 2
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.blh 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.asz 2
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.TDSS.atb 2
C:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.TDSS.dbg 1
C:\SDFix\backups\catchme.zip Infected: Packed.Win32.Tdss.a 2
C:\SDFix\backups\catchme.zip Infected: Trojan.Win32.Patched.dy 2
C:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.TDSS.cig 1
C:\SDFix\backups\catchme.zip Infected: Rootkit.Win32.TDSS.eyj 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2R0RM729\l26[1].exe Infected: Trojan.Win32.Pakes.mvz 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9QPST0P\main[1].exe Infected: not-a-virus:FraudTool.Win32.ProAntivirus2009.c 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S9QPST0P\main[2].exe Infected: not-a-virus:FraudTool.Win32.MSAntispyware2009.p 1

The selected area was scanned.
Rorschach112
Feb 19 2009, 03:08 PM
post a new HJT Log
XZED
Feb 19 2009, 06:28 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:30 PM, on 2/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\John NX1Z\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135229339093
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 10348 bytes
Rorschach112
Feb 19 2009, 09:16 PM
post one from normal mode I mean
XZED
Feb 20 2009, 12:33 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:06 PM, on 2/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\John NX1Z\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135229339093
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 12474 bytes
Rorschach112
Feb 20 2009, 03:09 PM
your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )
  • Click the Pt. Restauration button and press OK to the prompts.
  • Click the Corbeille button and press OK to the prompt.
  • Click the Fichiers temp button and press OK to the prompt.
  • Click the Recherche button and let it run ( it may look like it freezes but let it continue )
  • Once it is done click the Suppression button and let it remove anything it finds.
  • Close the program



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.


XZED
Feb 20 2009, 11:53 PM
Rorschach112,

Thanks for all your help! I REALLY appreciate it.

BTW, I was thinking about ditching McAfee and running Avast. Do you recommend this or something else?

Also, would you mind looking at a HJT log from my other "clean" computer to make sure it really is clean?

/John
Rorschach112
Feb 21 2009, 12:44 AM
I would definitely remove McAfee, its terrible

Make sure you use the McAfee Removal Tool to get rid of it though

http://majorgeeks.com/McAfee_Consumer_Prod...Tool_d5420.html



And yes go ahead and post the HJT log here
XZED
Feb 21 2009, 02:53 AM
Excellent, thanks for checking this out for me:

So, I figured id run ATF cleaner before HJT but ATFC froze (Not Responding). So I killed it and ran it 2 or 3 more times with same result. I ran it again but only did the firefox clean and it went fine....hmmmmm.

Anyway, here it the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:02 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator_\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yme.music.yahoo.com/uninstallForm.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {fdc8f39a-1dd1-11b2-88be-b895c19d0f90} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 12072 bytes
Rorschach112
Feb 21 2009, 01:52 PM
looks ok

a scan wont hurt

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
XZED
Feb 24 2009, 02:35 AM
Here is the MB log. Kerpersky log comming later.


Malwarebytes' Anti-Malware 1.34
Database version: 1798
Windows 5.1.2600 Service Pack 3

2/23/2009 8:42:35 PM
mbam-log-2009-02-23 (20-42-35).txt

Scan type: Quick Scan
Objects scanned: 77224
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Rorschach112
Feb 24 2009, 01:42 PM
ok
XZED
Feb 26 2009, 05:32 AM
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, February 26, 2009 02:07:10
Records in database: 1845575
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 136494
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:19:14


File name / Threat name / Threats count
C:\Documents and Settings\LICIA2\My Documents\My Music\iTunes\iTunes Music\Copy of dum diddy - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: Hoax.HTML.Secureinvites.c 1
C:\RECYCLER\S-1-5-21-2101865079-405439641-3820065472-1008\Dc100.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\RECYCLER\S-1-5-21-2101865079-405439641-3820065472-1008\Dc176.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1

The selected area was scanned.
Rorschach112
Feb 26 2009, 02:41 PM
hello

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\Documents and Settings\LICIA2\My Documents\My Music\iTunes\iTunes Music\Copy of dum diddy - greatest hits.wma
    C:\RECYCLER\S-1-5-21-2101865079-405439641-3820065472-1008\Dc100.wma
    C:\RECYCLER\S-1-5-21-2101865079-405439641-3820065472-1008\Dc176.mp3


    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\serauth1.dll
    %systemroot%\system32\serauth2.dll
    %systemroot%\system32\sysaudio.sys
    %systemroot%\system32\wdmaud.sys
    %systemroot%\system32\aeaudio.sys

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

XZED
Feb 28 2009, 04:45 AM
Here is the moveit log. Why we doing this?
OTlistit comming soon


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\LICIA2\My Documents\My Music\iTunes\iTunes Music\Copy of dum diddy - greatest hits.wma moved successfully.
C:\RECYCLER\S-1-5-21-2101865079-405439641-3820065472-1008\Dc100.wma moved successfully.
File/Folder C:\RECYCLER\S-1-5-21-2101865079-405439641-3820065472-1008\Dc176.mp3 not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_bPNCdmEjxzueuOb scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_6vPKiRFzBh9h2Qa scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_7R8Nglu7LYd9gis scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_RQ9deuEYI75W72F scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_63c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFVB3.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_223032

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\mcafee_bPNCdmEjxzueuOb not found!
File C:\WINDOWS\temp\mcmsc_6vPKiRFzBh9h2Qa not found!
File C:\WINDOWS\temp\mcmsc_7R8Nglu7LYd9gis not found!
File C:\WINDOWS\temp\mcmsc_RQ9deuEYI75W72F not found!
File C:\WINDOWS\temp\Perflib_Perfdata_63c.dat not found!
File C:\WINDOWS\temp\WFVB3.tmp not found!
XZED
Feb 28 2009, 04:58 AM
OTListIt logfile created on: 2/27/2009 10:54:42 PM - Run
OTListIt2 by OldTimer - Version 2.0.2.0 Folder = C:\Documents and Settings\Administrator_\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 173.13 Mb Available Physical Memory | 34.49% Memory free
1.20 Gb Paging File | 0.78 Gb Available in Paging File | 65.32% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 31.65 Gb Free Space | 42.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LICIA
Current User Name: Administrator_
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
PRC - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Administrator_\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MskService [Auto | Stopped]) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (TAPPSRV [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (TODDSrv [Auto | Running]) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (EMSCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\EMS7SK.sys (ENE Technology Inc.)
DRV - (ESDCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ESM7SK.sys (ENE Technology Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (NETw3x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys (IntelĀ® Corporation)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ()
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ()
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tbiosdrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys ()
DRV - (TcUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tdudf [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tdudf.sys (TOSHIBA Corporation)
DRV - (tosrfec [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (TVALD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys (Toshiba Corporation)
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (U2SP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys (Magic Control Technology Corp.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/22 16:01:16 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/11 22:10:57 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/22 16:01:31 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator_\Application Data\mozilla\Extensions [2008/11/10 22:31:28 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator_\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/11/10 22:31:28 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator_\Application Data\mozilla\Firefox\Profiles\g5yw3fnl.default\extensions [2009/02/26 21:16:21 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator_\Application Data\mozilla\Firefox\Profiles\g5yw3fnl.default\extensions\moveplayer@movenetworks.com [2008/11/14 22:46:44 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/02/27 15:49:45 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/10 22:27:40 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/02/22 16:01:35 00,000,000 | ---D | M]

O1 HOSTS File: (227608 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7986 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {fdc8f39a-1dd1-11b2-88be-b895c19d0f90} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries0000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: UserInit - () - File not found
O20 - HKCU Winlogon: UserInit - (C:\WINDOWS\system32\mgmrwmrv.exe) - C:\WINDOWS\system32\mgmrwmrv.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{cd89220e-ef88-11db-9d22-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{cd89220e-ef88-11db-9d22-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd89220e-ef88-11db-9d22-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f12ef1e1-8c20-11dc-9d41-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f12ef1e1-8c20-11dc-9d41-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f12ef1e1-8c20-11dc-9d41-00038a000015}\Shell\AutoRun\command - "" = Y:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/27 22:48:13 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator_\Desktop\OTListIt2.exe
[2009/02/27 22:30:32 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/02/27 22:28:32 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator_\Desktop\OTMoveIt3.exe
[2009/02/23 19:15:56 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/22 15:59:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\Application Data\Sun
[2009/02/22 01:27:25 | 00,012,800 | -HS- | C] () -- C:\Documents and Settings\Administrator_\Desktop\Thumbs.db
[2009/02/22 01:25:55 | 03,295,463 | ---- | C] () -- C:\Documents and Settings\Administrator_\Desktop\IMG_9163.png
[2009/02/22 01:08:35 | 00,152,860 | ---- | C] () -- C:\Documents and Settings\Administrator_\Desktop\sm_DSC01215.jpg
[2009/02/22 01:07:49 | 00,060,492 | ---- | C] () -- C:\Documents and Settings\Administrator_\Desktop\nx1zm4.jpg
[2009/02/22 01:00:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\Desktop\Desktop Drawer
[2009/02/22 00:57:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\Desktop\My Bloggs
[2009/02/17 03:07:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/17 00:11:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/02/17 00:11:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/02/17 00:11:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/02/17 00:11:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/02/17 00:06:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/02/16 23:55:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/02/16 16:25:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/16 16:25:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/16 16:25:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\Application Data\Malwarebytes
[2009/02/16 15:52:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/16 15:51:58 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/02/16 15:43:08 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/15 18:10:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\My Documents\Updater5
[2009/02/11 22:29:13 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/02/11 22:29:13 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/02/11 22:29:12 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/02/11 19:44:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/02/11 19:43:31 | 04,865,408 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator_\Desktop\Silverlight.2.0.exe
[2009/02/06 21:46:48 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/06 21:21:52 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/06 21:21:52 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/06 21:17:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/06 21:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/06 21:16:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/06 19:21:39 | 34,543,112 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\All Users\Documents\Ad-AwareAE.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/27 22:48:24 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator_\Desktop\OTListIt2.exe
[2009/02/27 22:36:23 | 00,014,375 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/02/27 22:35:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/27 22:35:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/27 22:34:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/27 22:34:57 | 52,643,8400 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/27 22:28:43 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator_\Desktop\OTMoveIt3.exe
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208220715.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208220709.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20070311220715.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20070311220706.job
[2009/02/27 21:21:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208212120.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208212114.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208212108.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20070225212109.job
[2009/02/27 21:08:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208210805.job
[2009/02/27 20:18:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071209201841.job
[2009/02/27 19:50:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071212195011.job
[2009/02/27 19:02:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071020190243.job
[2009/02/27 19:02:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071020190237.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071220171513.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071220171509.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071220171502.job
[2009/02/27 17:13:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071115171325.job
[2009/02/27 17:06:01 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071108170608.job
[2009/02/27 17:06:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20070313170609.job
[2009/02/27 15:33:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071209153339.job
[2009/02/27 10:56:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20080219105607.job
[2009/02/27 10:56:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071211105614.job
[2009/02/27 10:53:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20080219105321.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071218105212.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071206105237.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071206105229.job
[2009/02/25 10:02:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/23 19:16:30 | 00,000,842 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/23 19:15:56 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2009/02/22 01:27:26 | 00,012,800 | -HS- | M] () -- C:\Documents and Settings\Administrator_\Desktop\Thumbs.db
[2009/02/22 01:25:57 | 03,295,463 | ---- | M] () -- C:\Documents and Settings\Administrator_\Desktop\IMG_9163.png
[2009/02/22 01:08:39 | 00,152,860 | ---- | M] () -- C:\Documents and Settings\Administrator_\Desktop\sm_DSC01215.jpg
[2009/02/22 01:07:53 | 00,060,492 | ---- | M] () -- C:\Documents and Settings\Administrator_\Desktop\nx1zm4.jpg
[2009/02/20 13:43:55 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator_\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 03:09:20 | 00,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/18 03:01:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/17 03:12:04 | 00,408,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/17 03:12:04 | 00,064,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/17 03:12:03 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/17 00:02:01 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/02/15 01:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/02/13 07:54:38 | 00,000,085 | -HS- | M] () -- C:\Documents and Settings\Administrator_\My Documents\desktop.ini
[2009/02/11 19:44:08 | 04,865,408 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator_\Desktop\Silverlight.2.0.exe
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/06 21:21:34 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/06 21:21:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/06 19:28:06 | 34,543,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Documents\Ad-AwareAE.exe
[2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/01 01:00:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

========== LOP Check ==========

[2009/02/22 15:59:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator_\Application Data
[2009/02/15 18:09:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Adobe
[2006/07/19 21:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\AOL
[2008/12/27 23:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Apple Computer
[2008/11/07 22:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Google
[2009/01/06 21:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\GRETECH
[2006/07/18 21:37:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Identities
[2008/11/07 23:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\InstallShield
[2006/12/25 13:08:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Intel
[2006/12/26 00:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Macromedia
[2009/02/16 16:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Malwarebytes
[2006/12/25 20:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\McAfee.com Personal Firewall
[2008/09/27 18:40:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator_\Application Data\Microsoft
[2009/01/22 20:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Move Networks
[2008/11/10 22:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Mozilla
[2007/03/23 20:25:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\My Games
[2007/01/28 22:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Share-to-Web Upload Folder
[2009/02/22 15:59:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Sun
[2006/07/19 18:58:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\toshiba
[2009/02/16 20:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\U3
[2006/07/19 21:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\You've Got Pictures Screensaver
[2009/02/16 15:52:25 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/11 23:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/06 21:17:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/10/03 11:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/02/23 19:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/01/11 23:25:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/12/25 20:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/12/25 13:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/02/27 16:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2006/12/25 13:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/02/06 21:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/04/16 20:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/30 12:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2007/01/28 20:05:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/11/07 23:44:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/07/19 21:39:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/07/19 21:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/03/01 21:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/04/17 20:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/16 23:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/19 21:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/17 14:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/25 19:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/08/11 16:32:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/02/27 21:21:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/02/25 10:02:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/15 01:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/02/01 01:00:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/02/27 22:35:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20070225212109.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20070311220706.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20070311220715.job
[2009/02/27 17:06:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20070313170609.job
[2009/02/27 19:02:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071020190237.job
[2009/02/27 19:02:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071020190243.job
[2009/02/27 17:06:01 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071108170608.job
[2009/02/27 17:13:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071115171325.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071206105229.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071206105237.job
[2009/02/27 21:08:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208210805.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208212108.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208212114.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208212120.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208220709.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208220715.job
[2009/02/27 15:33:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071209153339.job
[2009/02/27 20:18:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071209201841.job
[2009/02/27 10:56:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071211105614.job
[2009/02/27 19:50:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071212195011.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071218105212.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071220171502.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071220171509.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071220171513.job
[2009/02/27 10:53:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20080219105321.job
[2009/02/27 10:56:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20080219105607.job

========== Custom Scans ==========



========== Net Services ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\NetSvcs

6to4 - -
AppMgmt - C:\WINDOWS\System32\appmgmts.dll - (Microsoft Corporation)
AudioSrv - C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation)
Browser - C:\WINDOWS\System32\browser.dll - (Microsoft Corporation)
CryptSvc - C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation)
DMServer - C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp.)
DHCP - C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation)
ERSvc - C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation)
EventSystem - C:\WINDOWS\system32\es.dll - (Microsoft Corporation)
FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
HidServ - C:\WINDOWS\System32\hidserv.dll - (Microsoft Corporation)
Ias - -
Iprip - -
Irmon - -
LanmanServer - C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation)
LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation)
Messenger - C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation)
Netman - C:\WINDOWS\System32\netman.dll - (Microsoft Corporation)
Nla - C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation)
Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation)
NWCWorkstation - -
Nwsapagent - -
Rasauto - C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation)
Rasman - C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation)
Remoteaccess - C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation)
Schedule - C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation)
Seclogon - C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation)
SENS - C:\WINDOWS\system32\sens.dll - (Microsoft Corporation)
Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation)
SRService - C:\WINDOWS\system32\srsvc.dll - (Microsoft Corporation)
Tapisrv - C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation)
Themes - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
TrkWks - C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation)
W32Time - C:\WINDOWS\system32\w32time.dll - (Microsoft Corporation)
WZCSVC - C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation)
Wmi - C:\WINDOWS\System32\advapi32.dll - (Microsoft Corporation)
WmdmPmSp - -
winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
wscsvc - C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation)
xmlprov - C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation)
MHN - C:\WINDOWS\System32\mhn.dll - (Microsoft Corporation)
BITS - C:\WINDOWS\system32\qmgr.dll - (Microsoft Corporation)
wuauserv - C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation)
ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
WmdmPmSN - C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation)
napagent - C:\WINDOWS\System32\qagentrt.dll - (Microsoft Corporation)
hkmsvc - C:\WINDOWS\System32\kmsvc.dll - (Microsoft Corporation)



========== SafeBoot-Minimal Settings ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\

AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)
Base - Driver Group
Boot Bus Extender - Driver Group
Boot file system - Driver Group
CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)
DcomLaunch - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)
dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)
dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)
dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)
dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)
dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)
EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
File system - Driver Group
Filter - Driver Group
HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
Lavasoft Ad-Aware Service - %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe - (Lavasoft)
mcmscsvc - %ProgramFiles%\McAfee\MSC\mcmscsvc.exe - (McAfee, Inc.)
MCODS - %ProgramFiles%\McAfee\VirusScan\mcods.exe - (McAfee, Inc.)
Netlogon - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
PCI Configuration - Driver Group
PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
PNP Filter - Driver Group
Primary disk - Driver Group
RpcSs - %SystemRoot%\System32\rpcss.dll - (Microsoft Corporation)
SCSI Class - Driver Group
sermouse.sys - Driver
sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys - (Microsoft Corporation)
SRService - %SystemRoot%\system32\srsvc.dll - (Microsoft Corporation)
System Bus Extender - Driver Group
vds - Service
vga.sys - Driver
vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)
WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices


========== SafeBoot-Network Settings ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

AFD - %SystemRoot%\System32\drivers\afd.sys - (Microsoft Corporation)
AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)
Base - Driver Group
Boot Bus Extender - Driver Group
Boot file system - Driver Group
Browser - %SystemRoot%\System32\browser.dll - (Microsoft Corporation)
CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)
DcomLaunch - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)
Dhcp - %SystemRoot%\System32\dhcpcsvc.dll - (Microsoft Corporation)
dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)
dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)
dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)
dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)
dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)
DnsCache - %SystemRoot%\System32\dnsrslvr.dll - (Microsoft Corporation)
EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
File system - Driver Group
Filter - Driver Group
HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
ip6fw.sys - %SystemRoot%\system32\drivers\ip6fw.sys - (Microsoft Corporation)
ipnat.sys - %SystemRoot%\system32\DRIVERS\ipnat.sys - (Microsoft Corporation)
LanmanServer - %SystemRoot%\System32\srvsvc.dll - (Microsoft Corporation)
LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll - (Microsoft Corporation)
Lavasoft Ad-Aware Service - %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe - (Lavasoft)
LmHosts - %SystemRoot%\System32\lmhsvc.dll - (Microsoft Corporation)
mcmscsvc - %ProgramFiles%\McAfee\MSC\mcmscsvc.exe - (McAfee, Inc.)
MCODS - %ProgramFiles%\McAfee\VirusScan\mcods.exe - (McAfee, Inc.)
Messenger - %SystemRoot%\System32\msgsvc.dll - (Microsoft Corporation)
MpfService - %ProgramFiles%\McAfee\MPF\MPFSrv.exe - (McAfee, Inc.)
NDIS - %SystemRoot%\System32\drivers\ndis.sys - (Microsoft Corporation)
NDIS Wrapper - Driver Group
Ndisuio - %SystemRoot%\system32\DRIVERS\ndisuio.sys - (Microsoft Corporation)
NetBIOS - %SystemRoot%\system32\DRIVERS\netbios.sys - (Microsoft Corporation)
NetBIOSGroup - Driver Group
NetBT - %SystemRoot%\system32\DRIVERS\netbt.sys - (Microsoft Corporation)
NetDDEGroup - Driver Group
Netlogon - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
NetMan - %SystemRoot%\System32\netman.dll - (Microsoft Corporation)
Network - Driver Group
NetworkProvider - Driver Group
NtLmSsp - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
PCI Configuration - Driver Group
PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
PNP Filter - Driver Group
PNP_TDI - Driver Group
Primary disk - Driver Group
rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys - (Microsoft Corporation)
rdpdd.sys - %SystemRoot%\System32\rdpdd.dll - (Microsoft Corporation)
rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys - (Microsoft Corporation)
rdsessmgr - %SystemRoot%\system32\sessmgr.exe - (Microsoft Corporation)
RpcSs - %SystemRoot%\System32\rpcss.dll - (Microsoft Corporation)
SCSI Class - Driver Group
sermouse.sys - Driver
SharedAccess - %SystemRoot%\System32\ipnathlp.dll - (Microsoft Corporation)
sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys - (Microsoft Corporation)
SRService - %SystemRoot%\system32\srsvc.dll - (Microsoft Corporation)
Streams Drivers - Driver Group
System Bus Extender - Driver Group
Tcpip - %SystemRoot%\system32\DRIVERS\tcpip.sys - (Microsoft Corporation)
TDI - Driver Group
tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys - (Microsoft Corporation)
tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys - (Microsoft Corporation)
termservice - %SystemRoot%\System32\termsrv.dll - (Microsoft Corporation)
vga.sys - Driver
vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)
WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
WZCSVC - %SystemRoot%\System32\wzcsvc.dll - (Microsoft Corporation)
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\serauth1.dll >

< %systemroot%\system32\serauth2.dll >

< %systemroot%\system32\sysaudio.sys >

< %systemroot%\system32\wdmaud.sys >

< %systemroot%\system32\aeaudio.sys >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator_\Desktop\Thumbs.db:encryptable
< End of report >
XZED
Feb 28 2009, 04:59 AM
OTListIt logfile created on: 2/27/2009 10:54:42 PM - Run
OTListIt2 by OldTimer - Version 2.0.2.0 Folder = C:\Documents and Settings\Administrator_\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 173.13 Mb Available Physical Memory | 34.49% Memory free
1.20 Gb Paging File | 0.78 Gb Available in Paging File | 65.32% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 31.65 Gb Free Space | 42.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LICIA
Current User Name: Administrator_
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
PRC - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Administrator_\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DVD-RAM_Service [Auto | Running]) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MskService [Auto | Stopped]) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe (McAfee Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (Swupdtmr [Auto | Running]) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (TAPPSRV [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (TODDSrv [Auto | Running]) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (EMSCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\EMS7SK.sys (ENE Technology Inc.)
DRV - (ESDCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ESM7SK.sys (ENE Technology Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (meiudf [System | Running]) -- C:\WINDOWS\System32\Drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Netdevio [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\netdevio.sys (TOSHIBA Corporation.)
DRV - (NETw3x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys (IntelĀ® Corporation)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ()
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ()
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tbiosdrv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys ()
DRV - (TcUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tdudf [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\tdudf.sys (TOSHIBA Corporation)
DRV - (tosrfec [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (TVALD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NBSMI.sys (Toshiba Corporation)
DRV - (Tvs [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tvs.sys (TOSHIBA Corporation)
DRV - (U2SP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys (Magic Control Technology Corp.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/22 16:01:16 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/11 22:10:57 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/22 16:01:31 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator_\Application Data\mozilla\Extensions [2008/11/10 22:31:28 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator_\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/11/10 22:31:28 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator_\Application Data\mozilla\Firefox\Profiles\g5yw3fnl.default\extensions [2009/02/26 21:16:21 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Administrator_\Application Data\mozilla\Firefox\Profiles\g5yw3fnl.default\extensions\moveplayer@movenetworks.com [2008/11/14 22:46:44 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/02/27 15:49:45 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/10 22:27:40 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/02/22 16:01:35 00,000,000 | ---D | M]

O1 HOSTS File: (227608 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7986 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {fdc8f39a-1dd1-11b2-88be-b895c19d0f90} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run (TOSHIBA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (McAfee, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries0000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: UserInit - () - File not found
O20 - HKCU Winlogon: UserInit - (C:\WINDOWS\system32\mgmrwmrv.exe) - C:\WINDOWS\system32\mgmrwmrv.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{cd89220e-ef88-11db-9d22-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{cd89220e-ef88-11db-9d22-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd89220e-ef88-11db-9d22-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f12ef1e1-8c20-11dc-9d41-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f12ef1e1-8c20-11dc-9d41-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f12ef1e1-8c20-11dc-9d41-00038a000015}\Shell\AutoRun\command - "" = Y:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/27 22:48:13 | 00,497,152 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator_\Desktop\OTListIt2.exe
[2009/02/27 22:30:32 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/02/27 22:28:32 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator_\Desktop\OTMoveIt3.exe
[2009/02/23 19:15:56 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/22 15:59:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\Application Data\Sun
[2009/02/22 01:27:25 | 00,012,800 | -HS- | C] () -- C:\Documents and Settings\Administrator_\Desktop\Thumbs.db
[2009/02/22 01:25:55 | 03,295,463 | ---- | C] () -- C:\Documents and Settings\Administrator_\Desktop\IMG_9163.png
[2009/02/22 01:08:35 | 00,152,860 | ---- | C] () -- C:\Documents and Settings\Administrator_\Desktop\sm_DSC01215.jpg
[2009/02/22 01:07:49 | 00,060,492 | ---- | C] () -- C:\Documents and Settings\Administrator_\Desktop\nx1zm4.jpg
[2009/02/22 01:00:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\Desktop\Desktop Drawer
[2009/02/22 00:57:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\Desktop\My Bloggs
[2009/02/17 03:07:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/17 00:11:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/02/17 00:11:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/02/17 00:11:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/02/17 00:11:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/02/17 00:06:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/02/16 23:55:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/02/16 16:25:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/16 16:25:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/16 16:25:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\Application Data\Malwarebytes
[2009/02/16 15:52:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/16 15:51:58 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/02/16 15:43:08 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/15 18:10:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator_\My Documents\Updater5
[2009/02/11 22:29:13 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/02/11 22:29:13 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/02/11 22:29:12 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/02/11 19:44:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/02/11 19:43:31 | 04,865,408 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator_\Desktop\Silverlight.2.0.exe
[2009/02/06 21:46:48 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/06 21:21:52 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/06 21:21:52 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/06 21:17:03 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/02/06 21:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/02/06 21:16:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/02/06 19:21:39 | 34,543,112 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\All Users\Documents\Ad-AwareAE.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/02/27 22:48:24 | 00,497,152 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator_\Desktop\OTListIt2.exe
[2009/02/27 22:36:23 | 00,014,375 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/02/27 22:35:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/27 22:35:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/27 22:34:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/27 22:34:57 | 52,643,8400 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/27 22:28:43 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator_\Desktop\OTMoveIt3.exe
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208220715.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208220709.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20070311220715.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20070311220706.job
[2009/02/27 21:21:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208212120.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208212114.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208212108.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20070225212109.job
[2009/02/27 21:08:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071208210805.job
[2009/02/27 20:18:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071209201841.job
[2009/02/27 19:50:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071212195011.job
[2009/02/27 19:02:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071020190243.job
[2009/02/27 19:02:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071020190237.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071220171513.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071220171509.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071220171502.job
[2009/02/27 17:13:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071115171325.job
[2009/02/27 17:06:01 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071108170608.job
[2009/02/27 17:06:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20070313170609.job
[2009/02/27 15:33:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071209153339.job
[2009/02/27 10:56:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20080219105607.job
[2009/02/27 10:56:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071211105614.job
[2009/02/27 10:53:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20080219105321.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071218105212.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071206105237.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20071206105229.job
[2009/02/25 10:02:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/23 19:16:30 | 00,000,842 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/23 19:15:56 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2009/02/22 01:27:26 | 00,012,800 | -HS- | M] () -- C:\Documents and Settings\Administrator_\Desktop\Thumbs.db
[2009/02/22 01:25:57 | 03,295,463 | ---- | M] () -- C:\Documents and Settings\Administrator_\Desktop\IMG_9163.png
[2009/02/22 01:08:39 | 00,152,860 | ---- | M] () -- C:\Documents and Settings\Administrator_\Desktop\sm_DSC01215.jpg
[2009/02/22 01:07:53 | 00,060,492 | ---- | M] () -- C:\Documents and Settings\Administrator_\Desktop\nx1zm4.jpg
[2009/02/20 13:43:55 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Administrator_\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 03:09:20 | 00,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/18 03:01:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/17 03:12:04 | 00,408,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/17 03:12:04 | 00,064,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/17 03:12:03 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/17 00:02:01 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/02/15 01:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/02/13 07:54:38 | 00,000,085 | -HS- | M] () -- C:\Documents and Settings\Administrator_\My Documents\desktop.ini
[2009/02/11 19:44:08 | 04,865,408 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator_\Desktop\Silverlight.2.0.exe
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/06 21:21:34 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/02/06 21:21:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/02/06 19:28:06 | 34,543,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Documents\Ad-AwareAE.exe
[2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/01 01:00:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

========== LOP Check ==========

[2009/02/22 15:59:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator_\Application Data
[2009/02/15 18:09:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Adobe
[2006/07/19 21:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\AOL
[2008/12/27 23:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Apple Computer
[2008/11/07 22:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Google
[2009/01/06 21:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\GRETECH
[2006/07/18 21:37:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Identities
[2008/11/07 23:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\InstallShield
[2006/12/25 13:08:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Intel
[2006/12/26 00:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Macromedia
[2009/02/16 16:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Malwarebytes
[2006/12/25 20:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\McAfee.com Personal Firewall
[2008/09/27 18:40:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator_\Application Data\Microsoft
[2009/01/22 20:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Move Networks
[2008/11/10 22:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Mozilla
[2007/03/23 20:25:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\My Games
[2007/01/28 22:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Share-to-Web Upload Folder
[2009/02/22 15:59:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\Sun
[2006/07/19 18:58:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\toshiba
[2009/02/16 20:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\U3
[2006/07/19 21:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator_\Application Data\You've Got Pictures Screensaver
[2009/02/16 15:52:25 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/11 23:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/06 21:17:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/10/03 11:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/02/23 19:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/01/11 23:25:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/12/25 20:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/12/25 13:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/02/27 16:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2006/12/25 13:08:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/02/06 21:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/04/16 20:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/30 12:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2007/01/28 20:05:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/11/07 23:44:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/07/19 21:39:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/07/19 21:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/03/01 21:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/04/17 20:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/02/16 23:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/19 21:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/17 14:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/25 19:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/08/11 16:32:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/02/27 21:21:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/02/25 10:02:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/15 01:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/02/01 01:00:00 | 00,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/02/27 22:35:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20070225212109.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20070311220706.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20070311220715.job
[2009/02/27 17:06:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20070313170609.job
[2009/02/27 19:02:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071020190237.job
[2009/02/27 19:02:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071020190243.job
[2009/02/27 17:06:01 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071108170608.job
[2009/02/27 17:13:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071115171325.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071206105229.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071206105237.job
[2009/02/27 21:08:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208210805.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208212108.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208212114.job
[2009/02/27 21:21:02 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208212120.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208220709.job
[2009/02/27 22:07:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071208220715.job
[2009/02/27 15:33:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071209153339.job
[2009/02/27 20:18:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071209201841.job
[2009/02/27 10:56:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071211105614.job
[2009/02/27 19:50:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071212195011.job
[2009/02/27 10:52:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071218105212.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071220171502.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071220171509.job
[2009/02/27 17:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20071220171513.job
[2009/02/27 10:53:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20080219105321.job
[2009/02/27 10:56:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg 20080219105607.job

========== Custom Scans ==========



========== Net Services ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\NetSvcs

6to4 - -
AppMgmt - C:\WINDOWS\System32\appmgmts.dll - (Microsoft Corporation)
AudioSrv - C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation)
Browser - C:\WINDOWS\System32\browser.dll - (Microsoft Corporation)
CryptSvc - C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation)
DMServer - C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp.)
DHCP - C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation)
ERSvc - C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation)
EventSystem - C:\WINDOWS\system32\es.dll - (Microsoft Corporation)
FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
HidServ - C:\WINDOWS\System32\hidserv.dll - (Microsoft Corporation)
Ias - -
Iprip - -
Irmon - -
LanmanServer - C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation)
LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation)
Messenger - C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation)
Netman - C:\WINDOWS\System32\netman.dll - (Microsoft Corporation)
Nla - C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation)
Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation)
NWCWorkstation - -
Nwsapagent - -
Rasauto - C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation)
Rasman - C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation)
Remoteaccess - C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation)
Schedule - C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation)
Seclogon - C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation)
SENS - C:\WINDOWS\system32\sens.dll - (Microsoft Corporation)
Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation)
SRService - C:\WINDOWS\system32\srsvc.dll - (Microsoft Corporation)
Tapisrv - C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation)
Themes - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
TrkWks - C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation)
W32Time - C:\WINDOWS\system32\w32time.dll - (Microsoft Corporation)
WZCSVC - C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation)
Wmi - C:\WINDOWS\System32\advapi32.dll - (Microsoft Corporation)
WmdmPmSp - -
winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
wscsvc - C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation)
xmlprov - C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation)
MHN - C:\WINDOWS\System32\mhn.dll - (Microsoft Corporation)
BITS - C:\WINDOWS\system32\qmgr.dll - (Microsoft Corporation)
wuauserv - C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation)
ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation)
helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
WmdmPmSN - C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation)
napagent - C:\WINDOWS\System32\qagentrt.dll - (Microsoft Corporation)
hkmsvc - C:\WINDOWS\System32\kmsvc.dll - (Microsoft Corporation)



========== SafeBoot-Minimal Settings ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\

AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)
Base - Driver Group
Boot Bus Extender - Driver Group
Boot file system - Driver Group
CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)
DcomLaunch - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)
dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)
dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)
dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)
dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)
dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)
EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
File system - Driver Group
Filter - Driver Group
HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
Lavasoft Ad-Aware Service - %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe - (Lavasoft)
mcmscsvc - %ProgramFiles%\McAfee\MSC\mcmscsvc.exe - (McAfee, Inc.)
MCODS - %ProgramFiles%\McAfee\VirusScan\mcods.exe - (McAfee, Inc.)
Netlogon - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
PCI Configuration - Driver Group
PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
PNP Filter - Driver Group
Primary disk - Driver Group
RpcSs - %SystemRoot%\System32\rpcss.dll - (Microsoft Corporation)
SCSI Class - Driver Group
sermouse.sys - Driver
sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys - (Microsoft Corporation)
SRService - %SystemRoot%\system32\srsvc.dll - (Microsoft Corporation)
System Bus Extender - Driver Group
vds - Service
vga.sys - Driver
vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)
WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices


========== SafeBoot-Network Settings ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

AFD - %SystemRoot%\System32\drivers\afd.sys - (Microsoft Corporation)
AppMgmt - %SystemRoot%\System32\appmgmts.dll - (Microsoft Corporation)
Base - Driver Group
Boot Bus Extender - Driver Group
Boot file system - Driver Group
Browser - %SystemRoot%\System32\browser.dll - (Microsoft Corporation)
CryptSvc - %SystemRoot%\System32\cryptsvc.dll - (Microsoft Corporation)
DcomLaunch - %SystemRoot%\system32\rpcss.dll - (Microsoft Corporation)
Dhcp - %SystemRoot%\System32\dhcpcsvc.dll - (Microsoft Corporation)
dmadmin - %SystemRoot%\System32\dmadmin.exe - (Microsoft Corp., Veritas Software)
dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys - (Microsoft Corp., Veritas Software)
dmio.sys - %SystemRoot%\System32\drivers\dmio.sys - (Microsoft Corp., Veritas Software)
dmload.sys - %SystemRoot%\System32\drivers\dmload.sys - (Microsoft Corp., Veritas Software.)
dmserver - %SystemRoot%\System32\dmserver.dll - (Microsoft Corp.)
DnsCache - %SystemRoot%\System32\dnsrslvr.dll - (Microsoft Corporation)
EventLog - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
File system - Driver Group
Filter - Driver Group
HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (Microsoft Corporation)
ip6fw.sys - %SystemRoot%\system32\drivers\ip6fw.sys - (Microsoft Corporation)
ipnat.sys - %SystemRoot%\system32\DRIVERS\ipnat.sys - (Microsoft Corporation)
LanmanServer - %SystemRoot%\System32\srvsvc.dll - (Microsoft Corporation)
LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll - (Microsoft Corporation)
Lavasoft Ad-Aware Service - %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe - (Lavasoft)
LmHosts - %SystemRoot%\System32\lmhsvc.dll - (Microsoft Corporation)
mcmscsvc - %ProgramFiles%\McAfee\MSC\mcmscsvc.exe - (McAfee, Inc.)
MCODS - %ProgramFiles%\McAfee\VirusScan\mcods.exe - (McAfee, Inc.)
Messenger - %SystemRoot%\System32\msgsvc.dll - (Microsoft Corporation)
MpfService - %ProgramFiles%\McAfee\MPF\MPFSrv.exe - (McAfee, Inc.)
NDIS - %SystemRoot%\System32\drivers\ndis.sys - (Microsoft Corporation)
NDIS Wrapper - Driver Group
Ndisuio - %SystemRoot%\system32\DRIVERS\ndisuio.sys - (Microsoft Corporation)
NetBIOS - %SystemRoot%\system32\DRIVERS\netbios.sys - (Microsoft Corporation)
NetBIOSGroup - Driver Group
NetBT - %SystemRoot%\system32\DRIVERS\netbt.sys - (Microsoft Corporation)
NetDDEGroup - Driver Group
Netlogon - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
NetMan - %SystemRoot%\System32\netman.dll - (Microsoft Corporation)
Network - Driver Group
NetworkProvider - Driver Group
NtLmSsp - %SystemRoot%\system32\lsass.exe - (Microsoft Corporation)
PCI Configuration - Driver Group
PlugPlay - %SystemRoot%\system32\services.exe - (Microsoft Corporation)
PNP Filter - Driver Group
PNP_TDI - Driver Group
Primary disk - Driver Group
rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys - (Microsoft Corporation)
rdpdd.sys - %SystemRoot%\System32\rdpdd.dll - (Microsoft Corporation)
rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys - (Microsoft Corporation)
rdsessmgr - %SystemRoot%\system32\sessmgr.exe - (Microsoft Corporation)
RpcSs - %SystemRoot%\System32\rpcss.dll - (Microsoft Corporation)
SCSI Class - Driver Group
sermouse.sys - Driver
SharedAccess - %SystemRoot%\System32\ipnathlp.dll - (Microsoft Corporation)
sr.sys - %SystemRoot%\system32\DRIVERS\sr.sys - (Microsoft Corporation)
SRService - %SystemRoot%\system32\srsvc.dll - (Microsoft Corporation)
Streams Drivers - Driver Group
System Bus Extender - Driver Group
Tcpip - %SystemRoot%\system32\DRIVERS\tcpip.sys - (Microsoft Corporation)
TDI - Driver Group
tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys - (Microsoft Corporation)
tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys - (Microsoft Corporation)
termservice - %SystemRoot%\System32\termsrv.dll - (Microsoft Corporation)
vga.sys - Driver
vgasave.sys - %SystemRoot%\System32\drivers\vga.sys - (Microsoft Corporation)
WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll - (Microsoft Corporation)
WZCSVC - %SystemRoot%\System32\wzcsvc.dll - (Microsoft Corporation)
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\serauth1.dll >

< %systemroot%\system32\serauth2.dll >

< %systemroot%\system32\sysaudio.sys >

< %systemroot%\system32\wdmaud.sys >

< %systemroot%\system32\aeaudio.sys >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator_\Desktop\Thumbs.db:encryptable
< End of report >
Rorschach112
Mar 1 2009, 09:40 PM
ok that pc is clean as well

anything else ? otherwise we are done
XZED
Mar 1 2009, 09:42 PM
Nope. I thank you for everything you did for me. You are a credit to the human race.

/John
Boston, MA.
Rorschach112
Mar 1 2009, 10:16 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.