HijackThis Logfile For Repair


  • This topic is locked
17 replies to this topic

#1 parker9319

parker9319

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 24 February 2008 - 07:14 PM

hello and thanks in advance to anyone who can help me out....

Lots of issues here.

It started out with just some IE windows popping up on their own, then the slowdown happened....l...i...k...e....I...was in quick sand. Now programs won't run, Ad-Aware won't run because it says it's running already, TeaTimer for Spybot S&D is constantly telling me that I have startup entries being changed, and I am running PC Security Shield, which is basically F-Secure, which is in itself a joke. I have a Core 2 Duo with 2 GB RAM, running Vista Home. At times I completely lose my bar at the bottom of the screen and have to reboot to get it back. I tried to run HouseCall but it keeps locking up my browser. I still get IE browser windows popping up trying to open odd sites; that's why I am using Firefox so much more than I used to. Even when I am in Firefox, I will get IE opening on its own. There were some reg sites it was opening about 5 weeks ago, but now it is just gibberish. I need help, not just with my computer, but now it is causing me to possibly seek out psychiatric help as well.


PLEASE HELP IF YOU CAN!!!

Here is my HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:48 PM, on 2/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\PCSecurityShield\Common\FSLAUNCH.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
c:\Users\Parker\Desktop\Utilities and DownLoads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D10474C-AABE-4DEA-B88F-8FA5C57152C2} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PCSecurityShield\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PCSecurityShield\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Parker\AppData\Local\Temp\byvvu.dll,c
O4 - HKCU\..\Run: [d6f0c991] rundll32.exe "C:\Users\Parker\AppData\Local\Temp\rlwshgep.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: wvustqo - C:\Windows\SYSTEM32\wvustqo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 10049 bytes


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:46 AM

Posted 10 March 2008 - 12:26 PM

Hello parker9319

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay.:blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 parker9319

parker9319
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 10 March 2008 - 02:32 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:06 PM, on 3/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\PCSecurityShield\Common\FSM32.EXE
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PCSecurityShield\FSGUI\fsguidll.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Parker\Desktop\Utilities and DownLoads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D10474C-AABE-4DEA-B88F-8FA5C57152C2} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PCSecurityShield\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PCSecurityShield\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Parker\AppData\Local\Temp\byvvu.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: wvustqo - wvustqo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

#4 parker9319

parker9319
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 10 March 2008 - 02:42 PM

Once again... thanks in advance. Not having the IE windows pop up anymore, but the system goes into slowdown pretty regularly; still thinking something is amiss with the system...

parker9319

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:46 AM

Posted 10 March 2008 - 02:48 PM

Hello,

Your log is still showing Alcan infected files, which would explain why the PC is still not running right.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

!!Be sure to run this tool as Administrator!!

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
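As an added example (not code from this thread, from HijackThis or from ComboFix): a small Python triage pass that applies the kind of reading teacup does above to HJT log lines. The sample lines are copied from the first log posted in the thread, together with its Platform header and two known-good entries as controls; the rules (rundll32 loading a DLL from a Temp directory, a RunServices entry on NT-based Windows, machine-looking value names, a Winlogon Notify entry on Vista, AppInit_DLLs, and a BHO with no file behind it) are heuristics of my own, not HijackThis's own classification.

```python
"""Triage pass over HijackThis (HJT) log lines.

Example code added for illustration; not part of HijackThis, ComboFix or the
thread above. SAMPLE_LOG is constructed from the first log in the thread; the
severity rules are the author's heuristics, not anything HijackThis ships.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: header plus the entries that disappear between the first
# log and the post-ComboFix log, with two known-good lines as controls.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista (WinNT 6.00.1904)
O2 - BHO: (no name) - {6D10474C-AABE-4DEA-B88F-8FA5C57152C2} - \
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Parker\AppData\Local\Temp\byvvu.dll,c
O4 - HKCU\..\Run: [d6f0c991] rundll32.exe "C:\Users\Parker\AppData\Local\Temp\rlwshgep.dll",b
O20 - Winlogon Notify: wvustqo - C:\Windows\SYSTEM32\wvustqo.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
TEMP_DLL_RE = re.compile(r"\\temp\\[^\\\"]+\.dll", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # value names such as d6f0c991

SEVERITIES = ("high", "medium", "low")


@dataclass(frozen=True)
class Finding:
    severity: str  # one of SEVERITIES
    line: str      # the HJT line that triggered the rule
    reason: str


def _is_nt6_or_later(log_text: str) -> bool:
    """Read the Platform header; WinNT 6.x is Vista or newer."""
    m = re.search(r"Platform: .*\(WinNT (\d+)\.", log_text)
    return bool(m) and int(m.group(1)) >= 6


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (line, rule) hit, in log order."""
    findings: List[Finding] = []
    nt6 = _is_nt6_or_later(log_text)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
            parts = cmd.split()
            exe = parts[0].strip('"').lower() if parts else ""
            if exe.endswith("rundll32.exe") or exe == "rundll32":
                # rundll32 itself is legitimate; what matters is the DLL it loads.
                if TEMP_DLL_RE.search(cmd):
                    findings.append(Finding("high", line, "rundll32 loads a DLL from a Temp directory"))
            elif exe and "\\" not in exe and ":" not in exe:
                findings.append(Finding("low", line, "bare filename resolved through the search path; confirm which file actually runs"))
            if key.endswith("RunServices"):
                findings.append(Finding("medium", line, "RunServices is a Windows 9x/ME key that NT-based Windows ignores; something wrote it deliberately"))
            if HEX_NAME_RE.match(name):
                findings.append(Finding("medium", line, "value name looks machine-generated"))
            continue
        m = O20_NOTIFY_RE.match(line)
        if m:
            if nt6:
                findings.append(Finding("medium", line, "Vista dropped Winlogon notification packages, so nothing in Windows needs this entry"))
            else:
                findings.append(Finding("low", line, "Winlogon Notify DLL runs inside winlogon.exe at every logon; verify its publisher"))
            continue
        m = O20_APPINIT_RE.match(line)
        if m and m.group("path").strip():
            findings.append(Finding("low", line, "AppInit_DLLs is loaded into every process that links user32.dll; verify the DLL's publisher"))
            continue
        m = O2_RE.match(line)
        if m:
            path = m.group("path").strip()
            if path in ("", "\\") or "(no file)" in path:
                findings.append(Finding("low", line, "BHO registered with no file behind it (orphaned CLSID)"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, always reporting all three buckets."""
    return {s: sum(1 for f in findings if f.severity == s) for s in SEVERITIES}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in sorted(hits, key=lambda f: SEVERITIES.index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(hits))
```

The point of the severities is ordering, not verdicts: a "low" is something to look at, and vendor entries such as NDSTray.exe or the Google AppInit DLL will always land there. Run over the third log in the thread (the one posted after ComboFix), the rundll32, winlog and wvustqo lines are gone and only low-severity items remain, which matches the helper's reading that the remaining issue was the ComboFix-cleaned infection rather than the vendor autostarts.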

#6 parker9319

parker9319
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 10 March 2008 - 05:43 PM

Here you go... ComboFix first, followed by HijackThis.



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6f69a9-9352-11dc-b2e5-0016d48fe898}]
\shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8091670c-c491-11db-8894-0016d48fe898}]
\shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 22:27:48 C:\Windows\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\PCSecurityShield\Anti-Virus\fsav.exe[ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\PCSecurityShield\Anti-Virus\report.txt (C:\PROGRA~1\PCSecurityShield\Anti-Virus.SYSTEM#Task added by F-Secure Anti-Virus.
"2008-03-10 18:31:24 C:\Windows\Tasks\User_Feed_Synchronization-{80A5628D-EEAA-493E-BAAE-073A5EBFCBA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:29:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fsgk32st.exe
C:\Program Files\PCSecurityShield\Anti-Virus\FSGK32.EXE
C:\Program Files\PCSecurityShield\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PCSecurityShield\Common\FSMB32.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PCSecurityShield\Common\FCH32.EXE
C:\Program Files\PCSecurityShield\Anti-Virus\fsqh.exe
C:\Program Files\PCSecurityShield\Common\FAMEH32.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Program Files\PCSecurityShield\FSAUA\program\fsaua.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fssm32.exe
C:\Program Files\PCSecurityShield\FWES\Program\fsdfwd.exe
C:\Program Files\PCSecurityShield\FSAUA\program\fsus.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fsav32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PCSecurityShield\FSGUI\fsguidll.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2008-03-10 18:34:10 - machine was rebooted [Parker]
ComboFix-quarantined-files.txt 2008-03-10 22:34:01
.
2008-03-10 20:24:58 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:01 PM, on 3/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\PCSecurityShield\Common\FSM32.EXE
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\PCSecurityShield\FSGUI\fsguidll.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Parker\Desktop\Utilities and DownLoads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D10474C-AABE-4DEA-B88F-8FA5C57152C2} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PCSecurityShield\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PCSecurityShield\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: wvustqo - wvustqo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9387 bytes

#7 parker9319

parker9319
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 10 March 2008 - 05:45 PM

Here you go... ComboFix first, followed by HijackThis.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6f69a9-9352-11dc-b2e5-0016d48fe898}]
\shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8091670c-c491-11db-8894-0016d48fe898}]
\shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 22:27:48 C:\Windows\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\PCSecurityShield\Anti-Virus\fsav.exe[ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\PCSecurityShield\Anti-Virus\report.txt (C:\PROGRA~1\PCSecurityShield\Anti-Virus.SYSTEM#Task added by F-Secure Anti-Virus.
"2008-03-10 18:31:24 C:\Windows\Tasks\User_Feed_Synchronization-{80A5628D-EEAA-493E-BAAE-073A5EBFCBA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:29:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fsgk32st.exe
C:\Program Files\PCSecurityShield\Anti-Virus\FSGK32.EXE
C:\Program Files\PCSecurityShield\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PCSecurityShield\Common\FSMB32.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PCSecurityShield\Common\FCH32.EXE
C:\Program Files\PCSecurityShield\Anti-Virus\fsqh.exe
C:\Program Files\PCSecurityShield\Common\FAMEH32.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Program Files\PCSecurityShield\FSAUA\program\fsaua.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fssm32.exe
C:\Program Files\PCSecurityShield\FWES\Program\fsdfwd.exe
C:\Program Files\PCSecurityShield\FSAUA\program\fsus.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fsav32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PCSecurityShield\FSGUI\fsguidll.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2008-03-10 18:34:10 - machine was rebooted [Parker]
ComboFix-quarantined-files.txt 2008-03-10 22:34:01
.
2008-03-10 20:24:58 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:01 PM, on 3/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\PCSecurityShield\Common\FSM32.EXE
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\PCSecurityShield\FSGUI\fsguidll.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Parker\Desktop\Utilities and DownLoads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D10474C-AABE-4DEA-B88F-8FA5C57152C2} - \
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PCSecurityShield\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PCSecurityShield\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: wvustqo - wvustqo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9387 bytes

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:46 AM

Posted 10 March 2008 - 06:18 PM

Hi,

The ComboFix log isn't complete... could you please try to post it again? :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#9 parker9319

parker9319
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 10 March 2008 - 06:29 PM

ComboFix 08-03-10.1 - Parker 2008-03-10 18:21:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1042 [GMT -4:00]
Running from: C:\Users\Parker\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tOasF.log
C:\temp\tn3
C:\Users\Parker\AppData\Roaming\inst.exe
C:\Windows\system32\a1
C:\Windows\system32\e1
C:\Windows\system32\g2
C:\Windows\system32\g2\bemwdll3.0xe
C:\Windows\system32\i2
C:\Windows\system32\n8
C:\Windows\system32\n8\ensts2dll.0xe
C:\Windows\system32\pac.txt
C:\Windows\system32\rMa07yy
C:\Windows\system32\rMa07yy\rMa07yy1084.0xe
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CORE


((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.

2008-03-03 22:00 . 2008-03-03 22:00 3,120 --a------ C:\Windows\System32\ALLFSAF6a.ocx
2008-02-29 17:19 . 2007-08-14 22:26 289,792 --a------ C:\Windows\System32\drivers\sfsz.sys
2008-02-29 17:19 . 2007-08-08 20:55 163,927 --a------ C:\Windows\System32\ZSANCoInst.dll
2008-02-29 17:19 . 2007-08-08 20:57 15,488 --a------ C:\Windows\System32\drivers\ZetBus.sys
2008-02-29 17:19 . 2007-08-08 20:57 13,824 --a------ C:\Windows\System32\drivers\ZetSFD.sys
2008-02-29 17:19 . 2007-08-08 20:57 6,656 --a------ C:\Windows\System32\drivers\ZetMPD.sys
2008-02-24 21:55 . 2008-02-24 21:55 <DIR> d-------- C:\Program Files\CCleaner
2008-02-24 20:51 . 2008-02-24 21:21 <DIR> d-------- C:\VundoFix Backups
2008-02-24 19:29 . 2008-02-24 19:29 30,016 --a------ C:\Windows\System32\drivers\fsndis5.sys
2008-02-19 04:22 . 2008-02-19 04:22 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-19 04:22 . 2008-02-19 04:22 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-19 04:12 . 2008-02-19 04:12 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-19 04:12 . 2008-02-19 04:12 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-19 04:04 . 2008-02-19 04:04 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-18 04:13 . 2008-02-18 04:13 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-18 04:13 . 2008-02-18 04:13 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-18 04:13 . 2008-02-18 04:13 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-18 04:13 . 2008-02-18 04:13 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-18 04:13 . 2008-02-18 04:13 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-18 04:13 . 2008-02-18 04:13 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-18 04:13 . 2008-02-18 04:13 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-18 04:09 . 2008-02-18 04:09 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-18 04:09 . 2008-02-18 04:09 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-18 04:09 . 2008-02-18 04:09 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-18 04:09 . 2008-02-18 04:09 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-18 04:09 . 2008-02-18 04:09 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-18 04:04 . 2008-02-18 04:05 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-18 04:04 . 2008-02-18 04:04 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-18 04:04 . 2008-02-18 04:04 26,624 --a------ C:\Windows\System32\ieUnatt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 22:28 --------- d-----w C:\Users\Parker\AppData\Roaming\WTablet
2008-03-05 02:39 --------- d-----w C:\Program Files\Google
2008-03-04 01:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 02:15 --------- d-----w C:\ProgramData\WildTangent
2008-03-02 19:05 --------- d-----w C:\Users\Parker\AppData\Roaming\Vso
2008-02-29 21:19 --------- d-----w C:\Program Files\NETGEAR
2008-02-29 05:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-25 01:31 --------- d-----w C:\Program Files\PCSecurityShield
2008-02-19 08:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-19 08:12 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-19 08:12 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-19 08:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-18 08:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-18 08:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 20:16 --------- d-----w C:\ProgramData\ZoomBrowser
2008-01-17 08:08 --------- d-----w C:\Program Files\Windows Mail
2008-01-14 00:48 --------- d-----w C:\Program Files\MSECache
2008-01-11 08:07 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-11 08:07 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-11 08:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-11 08:05 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 03:35 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2007-12-17 08:27 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-17 08:27 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-17 08:27 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-09-10 07:11 174 --sha-w C:\Program Files\desktop.ini
2007-05-24 23:41 47,360 ----a-w C:\Users\Parker\AppData\Roaming\pcouffin.sys
2006-12-01 01:07 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-04-21 06:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-04-21 06:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-04-21 06:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2005-07-29 21:24 472 --sha-r C:\Windows\UGFya2Vy\o3IVuZpV.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D10474C-AABE-4DEA-B88F-8FA5C57152C2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 18:22 417792]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 12:18 307200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 13:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 13:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 13:02 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 17:50 815104]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-13 03:02 1006264]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 12:06 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 20:06 421888]
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2006-07-20 16:45 151552]
"NDSTray.exe"="NDSTray.exe" []
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 14:57 3784704 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-11-22 21:08 409264]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-19 09:21 61440]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2006-11-20 16:15 446128]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [ ]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 21:14 34352]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-11-28 16:19 52912]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-11-29 00:05 523952]
"F-Secure Manager"="C:\Program Files\PCSecurityShield\Common\FSM32.exe" [2007-04-26 07:43 176177]
"F-Secure TNB"="C:\Program Files\PCSecurityShield\FSGUI\TNBUtil.exe" [2007-04-26 07:41 733184]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 05:45 222208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvustqo]
wvustqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Parker\AppData\Local\Temp\byvvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d6f0c991]
C:\Users\Parker\AppData\Local\Temp\kttmapjh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2005-12-16 06:41 188416 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBXCATS]
--a------ 2004-11-02 11:08 69632 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 09:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7CA7EC9F-813F-4C25-BEFF-A1688D891C72}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{4BDCEFAB-309A-4C11-ACC8-42330EDBDD0C}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{D24C11A1-7A6B-4419-B1A2-DAAADFCB1D36}"= Disabled:UDP:135:TCP Port 135
"{1CAA82EE-6CA2-4DAC-88E0-6A3D7A995963}"= Disabled:UDP:5000:TCP Port 5000
"{32706D17-7F09-4DFE-B08F-FA2135B9839B}"= Disabled:UDP:5001:TCP Port 5001
"{A0A3C06E-0E97-46AC-AD88-BE0F70679BE0}"= Disabled:UDP:5002:TCP Port 5002
"{9A95666D-E60D-4C8C-8A05-1555EAB86840}"= Disabled:UDP:5003:TCP Port 5003
"{539DDC88-B9A4-4021-99F7-54C5FF3E79C6}"= Disabled:UDP:5004:TCP Port 5004
"{135D9091-7A30-4E7D-82AD-CA6AA6482CA4}"= Disabled:UDP:5005:TCP Port 5005
"{2210B3A0-B209-42BF-BD5D-AF3D21E20D38}"= Disabled:UDP:5006:TCP Port 5006
"{076CEFFC-58A3-48BA-B0B8-124B16DE6B96}"= Disabled:UDP:5007:TCP Port 5007
"{7E76D7B8-BDA7-4EAD-8CE1-7D6677504A7A}"= Disabled:UDP:5008:TCP Port 5008
"{873CA11B-3D3B-4BCD-A4D2-934240419E9A}"= Disabled:UDP:5009:TCP Port 5009
"{25C50FC1-83DA-42AC-8F0B-0C5B59D04BDB}"= Disabled:UDP:5010:TCP Port 5010
"{908B9A64-208E-4B70-89ED-057C67B1CDAF}"= Disabled:UDP:5011:TCP Port 5011
"{6056A332-DC09-4353-AB78-1A35E0D41579}"= Disabled:UDP:5012:TCP Port 5012
"{7E6FE045-7CD0-4F20-8272-7E71A5844AAF}"= Disabled:UDP:5013:TCP Port 5013
"{227497B2-38B0-4008-ACC8-4D486348C9BC}"= Disabled:UDP:5014:TCP Port 5014
"{6EC02198-DCE8-45B4-8F76-9D9D0A8F6986}"= Disabled:UDP:5015:TCP Port 5015
"{1F66EFD0-44E1-46C3-A2B4-B66DBD4E358A}"= Disabled:UDP:5016:TCP Port 5016
"{C9A062C5-5653-43C1-9846-6BFD3931BB24}"= Disabled:UDP:5017:TCP Port 5017
"{534E6688-7472-4B29-8F4E-4FFEBC73AD5F}"= Disabled:UDP:5018:TCP Port 5018
"{6E139AE2-00A0-4C40-A968-22E254A82567}"= Disabled:UDP:5019:TCP Port 5019
"{3939FB03-A2AA-4375-B1D9-E3882C6A1F6B}"= Disabled:UDP:5020:TCP Port 5020
"{DD318440-C5CC-46E0-A21A-67FB90F769E8}"= UDP:C:\Windows\System32\lxbxcoms.exe:7100 Series Server
"{A88AC5C5-38C2-4E97-A7E1-2E83B52E558D}"= TCP:C:\Windows\System32\lxbxcoms.exe:7100 Series Server
"{70ABD345-5C5C-4356-9C76-A56B539B3D43}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbxPSWX.EXE:7100 Series Printer Status
"{0DB26AD5-ABE9-44C5-B666-1C49B41D999E}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbxPSWX.EXE:7100 Series Printer Status
"{6CD53628-3FE2-4D7B-A80B-2D44EB7664AF}"= UDP:C:\Windows\System32\lxbxcoms.exe:7100 Series Server
"{B463D776-DE87-46A0-A5ED-7EF4E47B99FC}"= TCP:C:\Windows\System32\lxbxcoms.exe:7100 Series Server
"TCP Query User{B112E9EF-5C7C-4DF1-AAA4-443D08D21318}C:\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer|Desc=LimeWire swarmed installer
"UDP Query User{72C55BB4-78B5-4BC4-B9CC-095340EBD144}C:\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer|Desc=LimeWire swarmed installer
"{2CA3AEF8-6710-4FBC-AF6B-9469FC2FD834}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{AC60019D-5F5C-4671-ABB4-43F6959BD5E9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{81D8EAC6-0BE2-47D9-BFC6-2EC05827846E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{1E327E19-FEC5-424B-BFB5-C26847F51B2F}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{5131E132-177F-42A0-9784-A0C561FC2EF5}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{92F8C102-6856-403A-956C-59F22131A961}C:\users\parker\program files\bittorrent_dna\dna.exe"= UDP:C:\users\parker\program files\bittorrent_dna\dna.exe:dna.exe|Desc=dna.exe
"UDP Query User{373D7E4F-04F4-4C32-861F-ACF3D80F9A64}C:\users\parker\program files\bittorrent_dna\dna.exe"= TCP:C:\users\parker\program files\bittorrent_dna\dna.exe:dna.exe|Desc=dna.exe
"TCP Query User{689734C8-103B-4973-AD19-99EC8728B1BD}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{24A7846D-B3A3-4755-99B9-A786494CE788}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"{4ED084B6-8CBB-49A9-80A6-708817C1EBC0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{110000B5-7A59-4E74-B94C-3013E7A1741C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2090BA50-3242-47B5-B188-1EDD5E283561}"= TCP:20001:MicroSAN
"{627327D2-D9EB-4477-9D02-902248F0B8BC}"= TCP:1900:MicroSAN
"{110B7496-9DD9-4CF1-945B-CBF79AF90620}"= UDP:80:Web

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {E20D32E9-F3E5-4233-8AB2-A704E95AF2B2}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\TOSHIBA\Ivp\ISM\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 20:25]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PCSecurityShield\HIPS\fshs.sys [2008-02-24 19:28]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-04-26 07:43]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-04-26 07:42]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\PCSecurityShield\Anti-Virus\minifilter\fsvista.sys [2007-04-26 07:42]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\Windows\system32\drivers\sfsz.sys [2007-08-14 22:26]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-11-01 02:40]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [2007-08-08 20:54]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PCSecurityShield\Anti-Virus\minifilter\fsgk.sys [2007-04-26 07:42]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 14:29]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 14:12]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-04 13:35]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 15:50]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2006-02-14 13:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2006-11-15 11:55]
R3 ZetBus;Zetera Virtual Bus;C:\Windows\system32\DRIVERS\ZetBus.sys [2007-08-08 20:57]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 13:42]
S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 20:32]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]
S3 ZetMPD;ZetMPD;C:\Windows\system32\DRIVERS\ZetMPD.sys [2007-08-08 20:57]
S3 ZetSFD;Zetera Storage Class Filter Driver;C:\Windows\system32\DRIVERS\ZetSFD.sys [2007-08-08 20:57]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PCSecurityShield\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 07:42]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PCSecurityShield\Anti-Virus\Win2K\FSrec.sys [2007-04-26 07:42]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 14:50]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2005-09-27 19:57]
S4 KR3NPXP;KR3NPXP;C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 23:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6f69a9-9352-11dc-b2e5-0016d48fe898}]
\shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8091670c-c491-11db-8894-0016d48fe898}]
\shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 22:27:48 C:\Windows\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\PCSecurityShield\Anti-Virus\fsav.exe[ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\PCSecurityShield\Anti-Virus\report.txt (C:\PROGRA~1\PCSecurityShield\Anti-Virus.SYSTEM#Task added by F-Secure Anti-Virus.
"2008-03-10 18:31:24 C:\Windows\Tasks\User_Feed_Synchronization-{80A5628D-EEAA-493E-BAAE-073A5EBFCBA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:29:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fsgk32st.exe
C:\Program Files\PCSecurityShield\Anti-Virus\FSGK32.EXE
C:\Program Files\PCSecurityShield\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PCSecurityShield\Common\FSMB32.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Windows\system32\Tablet.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PCSecurityShield\Common\FCH32.EXE
C:\Program Files\PCSecurityShield\Anti-Virus\fsqh.exe
C:\Program Files\PCSecurityShield\Common\FAMEH32.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Program Files\PCSecurityShield\FSAUA\program\fsaua.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fssm32.exe
C:\Program Files\PCSecurityShield\FWES\Program\fsdfwd.exe
C:\Program Files\PCSecurityShield\FSAUA\program\fsus.exe
C:\Program Files\PCSecurityShield\Anti-Virus\fsav32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PCSecurityShield\FSGUI\fsguidll.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2008-03-10 18:34:10 - machine was rebooted [Parker]
ComboFix-quarantined-files.txt 2008-03-10 22:34:01
.
2008-03-10 20:24:58 --- E O F ---

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:46 AM

Posted 10 March 2008 - 07:43 PM

Hello,

I'm obligated to tell you that you run a great risk by running all those P2P programs. The torrent sites are particularly bad even if you're careful. :thumbsup:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

Folder::
C:\Windows\UGFya2Vy

File::
C:\Users\Parker\AppData\Local\Temp\byvvu.dll
C:\Users\Parker\AppData\Local\Temp\kttmapjh.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D10474C-AABE-4DEA-B88F-8FA5C57152C2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvustqo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d6f0c991]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 parker9319

parker9319
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 10 March 2008 - 08:05 PM

I thought that the only one I had was LimeWire. I'm sure that is what infected me the first time and I will be removing it. You said "all those P2P"?

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:46 AM

Posted 10 March 2008 - 08:13 PM

Hi,

Yes, if you look in the ComboFix log you'll see there are entries for utorrent and bittorrent.

UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent

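The check teacup61 made by eye above, reading the firewall-policy section of the ComboFix log for P2P clients, as an added Python example. This is not code from the thread or from ComboFix; it parses the registry-style lines ComboFix prints under HKLM\...\sharedaccess\parameters\firewallpolicy and, beyond the P2P check, also reports the profiles that show "EnableFirewall"= 0 and any DisabledInterfaces value, both of which are visible in the same section of the log above. The P2P keyword list and the assumption that a rule line always has the form "key"= PROTO:target:name[|Desc=...] are this example's own.

```python
"""Summarise the Windows Firewall policy section of a ComboFix log.

Added example for this thread (not ComboFix code). It reports:
  * profiles whose "EnableFirewall" value is 0 (host firewall switched off),
  * interfaces listed under DisabledInterfaces,
  * allow rules whose program path or name matches a P2P client keyword,
    which is the check teacup61 made by eye in the post above.
"""
import re
from dataclasses import dataclass, field

# Keyword list is an assumption of this example; extend it for other clients.
P2P_KEYWORDS = ("limewire", "utorrent", "bittorrent")

SECTION_RE = re.compile(r"^\[(.+)\]$")
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
DISABLED_IF_RE = re.compile(r'^"DisabledInterfaces"=\s*(.+)$')
# Rule lines look like: "key"= TCP:<target>:<display name>[|Desc=...]
RULE_RE = re.compile(r'^"(?P<key>.+?)"=\s*(?P<proto>TCP|UDP):(?P<rest>.+)$')


@dataclass
class FirewallRule:
    key: str          # registry value name (GUID or "TCP Query User{...}path")
    proto: str        # TCP or UDP
    target: str       # program path or port number the rule allows
    name: str         # display name ComboFix shows after the last colon
    desc: str = ""    # optional |Desc= suffix


@dataclass
class FirewallSummary:
    disabled_profiles: list = field(default_factory=list)
    disabled_interfaces: dict = field(default_factory=dict)
    rules: list = field(default_factory=list)

    def p2p_rules(self):
        """Rules whose program path or display name contains a P2P keyword."""
        return [r for r in self.rules
                if any(k in (r.target + " " + r.name).lower() for k in P2P_KEYWORDS)]


def parse_rule(key, proto, rest):
    desc = ""
    if "|Desc=" in rest:
        rest, desc = rest.split("|Desc=", 1)
    # The program path itself contains "C:", so split on the LAST colon,
    # which is the one separating the target from the display name.
    target, _, name = rest.rpartition(":")
    return FirewallRule(key, proto, target, name, desc)


def summarize_firewall_policy(text):
    """Walk the log text line by line, tracking the current [section]."""
    summary = FirewallSummary()
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            profile = m.group(1).rsplit("\\", 1)[-1]   # e.g. PublicProfile
            continue
        m = ENABLE_RE.match(line)
        if m:
            if profile and int(m.group(1)) == 0:
                summary.disabled_profiles.append(profile)
            continue
        m = DISABLED_IF_RE.match(line)
        if m and profile:
            summary.disabled_interfaces[profile] = m.group(1)
            continue
        m = RULE_RE.match(line)
        if m:
            summary.rules.append(parse_rule(m["key"], m["proto"], m["rest"]))
    return summary


# Sample input: a few rule and profile lines copied from the ComboFix log
# posted in this thread (a subset, arranged here for the example).
SAMPLE = r'''
"{4ED084B6-8CBB-49A9-80A6-708817C1EBC0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1E327E19-FEC5-424B-BFB5-C26847F51B2F}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{689734C8-103B-4973-AD19-99EC8728B1BD}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"{AC60019D-5F5C-4671-ABB4-43F6959BD5E9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{110B7496-9DD9-4CF1-945B-CBF79AF90620}"= UDP:80:Web

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {E20D32E9-F3E5-4233-8AB2-A704E95AF2B2}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

if __name__ == "__main__":
    s = summarize_firewall_policy(SAMPLE)
    print("Windows Firewall disabled on profiles:", s.disabled_profiles)
    for prof, ifaces in s.disabled_interfaces.items():
        print(f"  {prof}: firewall also off for interface(s) {ifaces}")
    for r in s.p2p_rules():
        print(f"P2P allow rule: {r.proto} {r.target} ({r.name})")
```

To run it over a real log, read ComboFix.txt into a string and pass it to summarize_firewall_policy; lines that do not match the section, EnableFirewall, DisabledInterfaces or rule shapes are ignored, so the whole file can be passed as-is. A disabled Windows Firewall profile is not by itself a finding when a third-party firewall driver is loaded (the log above lists F-Secure's), but it is worth confirming which product is actually filtering.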

#13 parker9319

parker9319
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 10 March 2008 - 08:32 PM

ComboFix 08-03-10.1 - Parker 2008-03-10 21:10:47.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.979 [GMT -4:00]
Running from: C:\Users\Parker\Desktop\ComboFix.exe
Command switches used :: C:\Users\Parker\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Parker\AppData\Local\Temp\byvvu.dll
C:\Users\Parker\AppData\Local\Temp\kttmapjh.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\UGFya2Vy
C:\Windows\UGFya2Vy\o3IVuZpV.vbs

.
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-10 21:07 . 2008-03-10 21:07 <DIR> d-------- C:\Users\All Users\Apple
2008-03-10 21:07 . 2008-03-10 21:07 <DIR> d-------- C:\ProgramData\Apple
2008-03-10 19:54 . 2008-03-10 19:54 <DIR> d-------- C:\Users\Parker\AppData\Roaming\Toshiba
2008-03-03 22:00 . 2008-03-03 22:00 3,120 --a------ C:\Windows\System32\ALLFSAF6a.ocx
2008-02-29 17:19 . 2007-08-14 22:26 289,792 --a------ C:\Windows\System32\drivers\sfsz.sys
2008-02-29 17:19 . 2007-08-08 20:55 163,927 --a------ C:\Windows\System32\ZSANCoInst.dll
2008-02-29 17:19 . 2007-08-08 20:57 15,488 --a------ C:\Windows\System32\drivers\ZetBus.sys
2008-02-29 17:19 . 2007-08-08 20:57 13,824 --a------ C:\Windows\System32\drivers\ZetSFD.sys
2008-02-29 17:19 . 2007-08-08 20:57 6,656 --a------ C:\Windows\System32\drivers\ZetMPD.sys
2008-02-24 21:55 . 2008-02-24 21:55 <DIR> d-------- C:\Program Files\CCleaner
2008-02-24 20:51 . 2008-02-24 21:21 <DIR> d-------- C:\VundoFix Backups
2008-02-24 19:29 . 2008-02-24 19:29 30,016 --a------ C:\Windows\System32\drivers\fsndis5.sys
2008-02-19 04:22 . 2008-02-19 04:22 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-19 04:22 . 2008-02-19 04:22 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-19 04:12 . 2008-02-19 04:12 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-19 04:12 . 2008-02-19 04:12 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-19 04:04 . 2008-02-19 04:04 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-18 04:13 . 2008-02-18 04:13 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-18 04:13 . 2008-02-18 04:13 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-18 04:13 . 2008-02-18 04:13 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-18 04:13 . 2008-02-18 04:13 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-18 04:13 . 2008-02-18 04:13 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-18 04:13 . 2008-02-18 04:13 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-18 04:13 . 2008-02-18 04:13 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-18 04:09 . 2008-02-18 04:09 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-18 04:09 . 2008-02-18 04:09 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-18 04:09 . 2008-02-18 04:09 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-18 04:09 . 2008-02-18 04:09 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-18 04:09 . 2008-02-18 04:09 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-18 04:04 . 2008-02-18 04:05 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-18 04:04 . 2008-02-18 04:04 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-18 04:04 . 2008-02-18 04:04 26,624 --a------ C:\Windows\System32\ieUnatt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 01:07 --------- d-----w C:\Program Files\Apple Software Update
2008-03-11 00:21 --------- d-----w C:\Users\Parker\AppData\Roaming\Vso
2008-03-10 22:28 --------- d-----w C:\Users\Parker\AppData\Roaming\WTablet
2008-03-05 02:39 --------- d-----w C:\Program Files\Google
2008-03-04 01:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 02:15 --------- d-----w C:\ProgramData\WildTangent
2008-02-29 21:19 --------- d-----w C:\Program Files\NETGEAR
2008-02-29 05:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-25 01:31 --------- d-----w C:\Program Files\PCSecurityShield
2008-02-19 08:13 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-19 08:12 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-19 08:12 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-19 08:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-18 08:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-18 08:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 20:16 --------- d-----w C:\ProgramData\ZoomBrowser
2008-01-17 08:08 --------- d-----w C:\Program Files\Windows Mail
2008-01-14 00:48 --------- d-----w C:\Program Files\MSECache
2008-01-11 08:07 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-11 08:07 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-11 08:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-11 08:05 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-17 08:27 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-17 08:27 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-17 08:27 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-09-10 07:11 174 --sha-w C:\Program Files\desktop.ini
2007-05-24 23:41 47,360 ----a-w C:\Users\Parker\AppData\Roaming\pcouffin.sys
2006-12-01 01:07 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-04-21 06:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-04-21 06:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-04-21 06:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_18.33.02.99 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-09 22:19:48 2,585,936 ----a-r C:\Windows\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2006-06-19 22:34:24 514,776 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.7969\INTLNAME.DLL
+ 2007-04-19 18:54:56 169,312 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
+ 2007-04-19 19:10:18 45,920 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\AUTHZAX.DLL
+ 2007-03-23 00:29:56 99,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\AW.DLL
+ 2007-03-23 00:23:32 19,800 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\DSITF.DLL
+ 2007-05-10 18:44:02 121,688 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\DSSM.EXE
+ 2007-03-23 00:29:28 43,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\DWDCW20.DLL
+ 2007-03-23 00:29:28 39,264 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\DWTRIG20.EXE
+ 2007-05-31 18:41:06 10,352,472 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-06-06 14:53:34 1,195,888 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2007-06-06 17:46:12 1,961,312 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\FPCUTL.DLL
+ 2007-04-19 19:15:26 192,344 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\FPDTC.DLL
+ 2007-04-19 18:47:40 186,208 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\FPERSON.DLL
+ 2007-05-31 17:50:10 1,168,736 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\FPSRVUTL.DLL
+ 2007-04-19 18:16:14 807,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\FPWEC.DLL
+ 2007-04-19 19:10:30 116,576 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\IEAWSDC.DLL
+ 2006-06-19 22:34:24 346,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\METCONV.DLL
+ 2007-05-10 18:43:12 6,688,096 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
+ 2007-01-17 01:32:54 136,032 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
+ 2007-04-19 19:10:38 131,424 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSB1CORE.DLL
+ 2007-04-19 19:10:06 52,576 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSB1XTOR.DLL
+ 2007-04-19 19:01:52 238,424 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2005-05-04 08:06:28 465,640 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-04 08:06:30 1,411,816 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2007-04-30 19:11:38 89,440 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSENCODE.DLL
+ 2007-03-23 00:16:44 134,496 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSJSPP40.DLL
+ 2007-03-23 00:29:16 20,824 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSMH.DLL
+ 2007-06-18 22:16:32 12,259,160 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-04-19 19:10:34 127,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOAUTH.DLL
+ 2007-03-23 00:29:22 31,072 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSODCW.DLL
+ 2007-04-19 18:56:58 29,024 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOEURO.DLL
+ 2007-04-19 19:07:38 61,280 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE
+ 2006-09-27 05:01:30 2,113,536 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOLAP80.DLL
+ 2005-09-20 16:33:08 1,293,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSONSEXT.DLL
+ 2007-04-19 18:49:28 383,328 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSORUN.DLL
+ 2007-04-19 19:07:24 36,192 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOSTYLE.DLL
+ 2007-03-23 00:29:24 39,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOSV.DLL
+ 2007-03-23 00:13:38 45,408 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOXEV.DLL
+ 2007-03-23 00:13:38 58,720 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOXMLED.EXE
+ 2007-04-19 18:57:40 46,432 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSOXMLMF.DLL
+ 2007-04-19 19:03:54 648,544 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSQRY32.EXE
+ 2007-03-23 00:29:32 44,888 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSSH.DLL
+ 2007-04-19 19:00:30 637,792 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSTORDB.EXE
+ 2007-04-19 19:00:22 130,912 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSTORE.EXE
+ 2007-04-19 19:00:30 489,824 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSTORES.DLL
+ 2007-04-19 19:10:26 80,216 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\NAME.DLL
+ 2007-03-23 00:23:30 17,248 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\NPOFFICE.DLL
+ 2007-04-19 19:09:46 1,061,720 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2007-03-14 18:10:22 7,255,384 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2007-05-31 18:35:22 6,420,320 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-03-23 00:05:34 434,016 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\PP4X322.DLL
+ 2007-03-23 00:05:22 97,632 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 18:49:56 1,661,280 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-06-06 17:07:40 100,192 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\REFEDIT.DLL
+ 2007-04-19 19:10:18 63,840 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\REFIEBAR.DLL
+ 2007-04-19 19:10:44 355,680 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\SELFCERT.EXE
+ 2007-04-19 19:10:20 65,888 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-04-19 19:04:10 390,496 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\SETLANG.EXE
+ 2007-03-23 00:29:16 14,704 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\SMARTTAGINSTALL.EXE
+ 2007-05-10 18:42:52 450,392 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\SOA.DLL
+ 2007-05-10 18:42:52 2,839,904 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\STSLIST.DLL
+ 2007-04-19 19:10:22 71,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\UNBIND.EXE
- 2008-02-19 08:17:28 593,920 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-03-10 23:03:00 593,920 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-02-19 08:17:28 12,288 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-10 23:03:00 12,288 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-02-19 08:17:29 86,016 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-03-10 23:03:00 86,016 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-02-19 08:17:27 135,168 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-10 23:02:58 135,168 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-02-19 08:17:29 11,264 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-10 23:03:01 11,264 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-02-19 08:17:29 27,136 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-10 23:03:01 27,136 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-02-19 08:17:29 4,096 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-10 23:03:01 4,096 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-02-19 08:17:30 794,624 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-10 23:03:01 794,624 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-02-19 08:17:28 249,856 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-10 23:02:59 249,856 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-02-19 08:17:27 61,440 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-03-10 23:02:58 61,440 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-02-19 08:17:30 23,040 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-10 23:03:01 23,040 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-02-19 08:17:27 286,720 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-10 23:02:58 286,720 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-02-19 08:17:27 409,600 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-10 23:02:55 409,600 ----a-r C:\Windows\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-10 20:24:45 135,168 ----a-r C:\Windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-10 23:03:51 135,168 ----a-r C:\Windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-10 20:24:46 4,096 ----a-r C:\Windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-10 23:03:51 4,096 ----a-r C:\Windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-10 20:24:45 147,456 ----a-r C:\Windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2008-03-10 23:03:50 147,456 ----a-r C:\Windows\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2008-03-11 01:07:43 27,136 ----a-r C:\Windows\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
- 2008-03-10 21:51:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-11 00:42:51 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-10 22:21:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-11 01:09:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-09 19:46:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-10 22:58:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-09 19:46:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-10 22:58:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-09 19:46:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-10 22:58:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-06-19 22:35:16 41,616 ----a-w C:\Windows\System32\FM20ESN.DLL
+ 2007-04-05 14:26:12 47,328 ----a-w C:\Windows\System32\FM20ESN.DLL
- 2008-03-09 19:33:25 112,756 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-10 22:36:03 112,756 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-09 19:33:25 639,186 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-10 22:36:03 639,186 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-01 23:38:02 10,162 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-629163509-853107145-1692837174-1000_UserData.bin
+ 2008-03-10 22:30:16 10,558 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-629163509-853107145-1692837174-1000_UserData.bin
- 2008-03-09 19:30:13 66,096 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-10 22:30:16 66,166 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-01 00:16:22 77,782 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-10 22:30:13 78,126 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 18:22 417792]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 12:18 307200]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 04:05 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 13:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 13:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 13:02 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 17:50 815104]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-13 03:02 1006264]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 12:06 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 20:06 421888]
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2006-07-20 16:45 151552]
"NDSTray.exe"="NDSTray.exe" []
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 14:57 3784704 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-11-22 21:08 409264]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-19 09:21 61440]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2006-11-20 16:15 446128]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [ ]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 21:14 34352]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-11-28 16:19 52912]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-11-29 00:05 523952]
"F-Secure Manager"="C:\Program Files\PCSecurityShield\Common\FSM32.exe" [2007-04-26 07:43 176177]
"F-Secure TNB"="C:\Program Files\PCSecurityShield\FSGUI\TNBUtil.exe" [2007-04-26 07:41 733184]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 05:45 222208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2005-12-16 06:41 188416 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBXCATS]
--a------ 2004-11-02 11:08 69632 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 09:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7CA7EC9F-813F-4C25-BEFF-A1688D891C72}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{4BDCEFAB-309A-4C11-ACC8-42330EDBDD0C}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{D24C11A1-7A6B-4419-B1A2-DAAADFCB1D36}"= Disabled:UDP:135:TCP Port 135
"{1CAA82EE-6CA2-4DAC-88E0-6A3D7A995963}"= Disabled:UDP:5000:TCP Port 5000
"{32706D17-7F09-4DFE-B08F-FA2135B9839B}"= Disabled:UDP:5001:TCP Port 5001
"{A0A3C06E-0E97-46AC-AD88-BE0F70679BE0}"= Disabled:UDP:5002:TCP Port 5002
"{9A95666D-E60D-4C8C-8A05-1555EAB86840}"= Disabled:UDP:5003:TCP Port 5003
"{539DDC88-B9A4-4021-99F7-54C5FF3E79C6}"= Disabled:UDP:5004:TCP Port 5004
"{135D9091-7A30-4E7D-82AD-CA6AA6482CA4}"= Disabled:UDP:5005:TCP Port 5005
"{2210B3A0-B209-42BF-BD5D-AF3D21E20D38}"= Disabled:UDP:5006:TCP Port 5006
"{076CEFFC-58A3-48BA-B0B8-124B16DE6B96}"= Disabled:UDP:5007:TCP Port 5007
"{7E76D7B8-BDA7-4EAD-8CE1-7D6677504A7A}"= Disabled:UDP:5008:TCP Port 5008
"{873CA11B-3D3B-4BCD-A4D2-934240419E9A}"= Disabled:UDP:5009:TCP Port 5009
"{25C50FC1-83DA-42AC-8F0B-0C5B59D04BDB}"= Disabled:UDP:5010:TCP Port 5010
"{908B9A64-208E-4B70-89ED-057C67B1CDAF}"= Disabled:UDP:5011:TCP Port 5011
"{6056A332-DC09-4353-AB78-1A35E0D41579}"= Disabled:UDP:5012:TCP Port 5012
"{7E6FE045-7CD0-4F20-8272-7E71A5844AAF}"= Disabled:UDP:5013:TCP Port 5013
"{227497B2-38B0-4008-ACC8-4D486348C9BC}"= Disabled:UDP:5014:TCP Port 5014
"{6EC02198-DCE8-45B4-8F76-9D9D0A8F6986}"= Disabled:UDP:5015:TCP Port 5015
"{1F66EFD0-44E1-46C3-A2B4-B66DBD4E358A}"= Disabled:UDP:5016:TCP Port 5016
"{C9A062C5-5653-43C1-9846-6BFD3931BB24}"= Disabled:UDP:5017:TCP Port 5017
"{534E6688-7472-4B29-8F4E-4FFEBC73AD5F}"= Disabled:UDP:5018:TCP Port 5018
"{6E139AE2-00A0-4C40-A968-22E254A82567}"= Disabled:UDP:5019:TCP Port 5019
"{3939FB03-A2AA-4375-B1D9-E3882C6A1F6B}"= Disabled:UDP:5020:TCP Port 5020
"{DD318440-C5CC-46E0-A21A-67FB90F769E8}"= UDP:C:\Windows\System32\lxbxcoms.exe:7100 Series Server
"{A88AC5C5-38C2-4E97-A7E1-2E83B52E558D}"= TCP:C:\Windows\System32\lxbxcoms.exe:7100 Series Server
"{70ABD345-5C5C-4356-9C76-A56B539B3D43}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbxPSWX.EXE:7100 Series Printer Status
"{0DB26AD5-ABE9-44C5-B666-1C49B41D999E}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbxPSWX.EXE:7100 Series Printer Status
"{6CD53628-3FE2-4D7B-A80B-2D44EB7664AF}"= UDP:C:\Windows\System32\lxbxcoms.exe:7100 Series Server
"{B463D776-DE87-46A0-A5ED-7EF4E47B99FC}"= TCP:C:\Windows\System32\lxbxcoms.exe:7100 Series Server
"TCP Query User{B112E9EF-5C7C-4DF1-AAA4-443D08D21318}C:\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer|Desc=LimeWire swarmed installer
"UDP Query User{72C55BB4-78B5-4BC4-B9CC-095340EBD144}C:\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer|Desc=LimeWire swarmed installer
"{2CA3AEF8-6710-4FBC-AF6B-9469FC2FD834}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{AC60019D-5F5C-4671-ABB4-43F6959BD5E9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{81D8EAC6-0BE2-47D9-BFC6-2EC05827846E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{1E327E19-FEC5-424B-BFB5-C26847F51B2F}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{5131E132-177F-42A0-9784-A0C561FC2EF5}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{92F8C102-6856-403A-956C-59F22131A961}C:\users\parker\program files\bittorrent_dna\dna.exe"= UDP:C:\users\parker\program files\bittorrent_dna\dna.exe:dna.exe|Desc=dna.exe
"UDP Query User{373D7E4F-04F4-4C32-861F-ACF3D80F9A64}C:\users\parker\program files\bittorrent_dna\dna.exe"= TCP:C:\users\parker\program files\bittorrent_dna\dna.exe:dna.exe|Desc=dna.exe
"TCP Query User{689734C8-103B-4973-AD19-99EC8728B1BD}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{24A7846D-B3A3-4755-99B9-A786494CE788}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"{4ED084B6-8CBB-49A9-80A6-708817C1EBC0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{110000B5-7A59-4E74-B94C-3013E7A1741C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2090BA50-3242-47B5-B188-1EDD5E283561}"= TCP:20001:MicroSAN
"{627327D2-D9EB-4477-9D02-902248F0B8BC}"= TCP:1900:MicroSAN
"{110B7496-9DD9-4CF1-945B-CBF79AF90620}"= UDP:80:Web

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {E20D32E9-F3E5-4233-8AB2-A704E95AF2B2}

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\TOSHIBA\Ivp\ISM\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 20:25]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PCSecurityShield\HIPS\fshs.sys [2008-02-24 19:28]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-04-26 07:43]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2007-04-26 07:42]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\PCSecurityShield\Anti-Virus\minifilter\fsvista.sys [2007-04-26 07:42]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\Windows\system32\drivers\sfsz.sys [2007-08-14 22:26]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-11-01 02:40]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [2007-08-08 20:54]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PCSecurityShield\Anti-Virus\minifilter\fsgk.sys [2007-04-26 07:42]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 14:29]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 14:12]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-04 13:35]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 15:50]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2006-02-14 13:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2006-11-15 11:55]
R3 ZetBus;Zetera Virtual Bus;C:\Windows\system32\DRIVERS\ZetBus.sys [2007-08-08 20:57]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 13:42]
S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 20:32]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]
S3 ZetMPD;ZetMPD;C:\Windows\system32\DRIVERS\ZetMPD.sys [2007-08-08 20:57]
S3 ZetSFD;Zetera Storage Class Filter Driver;C:\Windows\system32\DRIVERS\ZetSFD.sys [2007-08-08 20:57]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PCSecurityShield\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 07:42]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PCSecurityShield\Anti-Virus\Win2K\FSrec.sys [2007-04-26 07:42]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 14:50]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2005-09-27 19:57]
S4 KR3NPXP;KR3NPXP;C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 23:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6f69a9-9352-11dc-b2e5-0016d48fe898}]
\shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8091670c-c491-11db-8894-0016d48fe898}]
\shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 00:05:12 C:\Windows\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\PCSecurityShield\Anti-Virus\fsav.exe[ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\PCSecurityShield\Anti-Virus\report.txt (C:\PROGRA~1\PCSecurityShield\Anti-Virus.SYSTEM#Task added by F-Secure Anti-Virus.
"2008-03-10 18:31:24 C:\Windows\Tasks\User_Feed_Synchronization-{80A5628D-EEAA-493E-BAAE-073A5EBFCBA6}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 21:13:50
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-10 21:14:49
ComboFix-quarantined-files.txt 2008-03-11 01:14:46
ComboFix2.txt 2008-03-10 22:34:11
.
2008-03-10 23:03:52 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:19 PM, on 3/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\PCSecurityShield\Common\FSM32.EXE
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\PCSecurityShield\FSGUI\fsguidll.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Parker\Desktop\Utilities and DownLoads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...w.google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6D10474C-AABE-4DEA-B88F-8FA5C57152C2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PCSecurityShield\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PCSecurityShield\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: wvustqo - C:\Windows\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PCSecurityShield\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PCSecurityShield\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 9593 bytes

#14 teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:46 AM

Posted 10 March 2008 - 08:53 PM

Hello,

Looks much better. How is it running?

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {6D10474C-AABE-4DEA-B88F-8FA5C57152C2} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: wvustqo - C:\Windows\


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Let me know how it's running... I do believe we're almost done.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#15 parker9319

  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 10 March 2008 - 08:56 PM

I can't believe that it is the same system... I was this /\ close to just reformatting and starting over!!!!!! Thank you so much!!!!! You are a special person and I hope that everyone you help appreciates you as much as I do!!!!!!!!!!!!!!!!!!!!!!!!