Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tried to fix Win32.Netsky.Q


  • This topic is locked This topic is locked
16 replies to this topic

#1 catbox_9

catbox_9

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 16 December 2008 - 09:24 PM

One of the house's computers was getting a Win32.Netsky.Q security alert. I attempted to fix that myself by deleting a google folder from the C:Document and Setting/Username/application data folder and the Win32.Netsky.Q alerts are gone. The computer is still running very slow. Some websites seem to load but many (including this one) won't load at all. I have used Adaware several times and I have deleted everything it has found. Malwarebytes is installed on the computer but it won't open. The system restore feature does not seem to work and some programs won't install while others will. I attempted to run Kaspersky but the page cannot be displayed on that computer. Thanks for any help.

Below are the logs from RSIT:

Info:
info.txt logfile of random's system information tool 1.04 2008-12-16 18:07:48

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9  -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9  -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Home Architect Design Suite Deluxe 8-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E} 
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
AccessDiver v4.402-->"C:\Program Files\Accessdiver\unins000.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat 7.0.5 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9  -removeonly
AoADVDCreator-->"C:\Program Files\AoA DVD Creator\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9 
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
AT&T Connection Services Manager-->C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"
Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\Setup.exe" -l0x9 
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9 
BitComet 0.97-->C:\Program Files\BitComett\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Cart Commander 2.0.1.7 Unregistered-->"C:\Program Files\Cart Commander\unins000.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9 
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ESPN Java Check-->C:\WINDOWS\system32\javaws.exe -uninstall "http://games.espn.go.com/s/flblm/07/livedraft/jws-check.jar"
ESPN RunTime-->C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MC Web-->C:\WINDOWS\unvise32.exe C:\uninstal.log
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MpcStar 3.0-->C:\Program Files\MpcStar\uninst.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyConnect Special Offer-->MsiExec.exe /I{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}
Nero 7 Premium-->MsiExec.exe /X{26D3E377-1DCA-4043-9410-B4A9BACF1033}
On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9 
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9  -removeonly
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RegAlyzer (OpenSBI Edition)-->"C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
Roll-->C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9  /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundTaxi 1.3.5-->"C:\Program Files\SoundTaxi\unins000.exe"
Stella 2.4.2-->"C:\Atari2600\Stella\unins000.exe"
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA} /l1033 
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
TOSHIBA Accessibility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1033 
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9 
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Fn-esse-->C:\WINDOWS\UnInst32.exe Fn-esse.UNI
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033 
TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1033 
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE} /l1033 
Toshiba Registration and Metamail Trust Architecture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\Setup.exe" -l0x9 
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe" 
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" 
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9 
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9 
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033 
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe"  /uninstall
TOSHIBA Zooming Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{02EED746-8C5A-43C8-BB3D-D29C8B363A4D} /l1033 
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe" 
TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1033 
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: McAfee VirusScan (disabled) (outdated)

======Environment variables======

"bB"=C:\Atari2600\bB 
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Atari2600\bB;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

Log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Ryan Donahue at 2008-12-16 18:08:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (41%) free of 76 GB
Total RAM: 1526 MB (46% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (RYAN-Ryan Donahue).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComett\tools\BitCometBHO_1.1.11.30.dll [2007-12-04 464184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-23 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-01 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-01 126976]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-01-14 122939]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-12 88358]
"NDSTray.exe"=NDSTray.exe []
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2005-04-20 28672]
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
"TOSHIBA Accessibility"=C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2005-02-22 24576]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-04-28 675840]
""= []
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-12-28 270336]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]
"ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2004-04-30 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-15 122880]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-04-05 73728]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"DIGStream"=C:\Program Files\DIGStream\digstream.exe [2005-10-31 278528]
"DIGServices"=C:\Program Files\ESPNRunTime\DIGServices.exe [2005-10-31 101888]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"TkBellExe"=C:\Program Files\MpcStar\Codecs\Real\RCAPlugins\realsched.exe  -osboot []
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2005-09-23 483328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-29 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-12-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Swarmcast for MLB_07.lnk]
C:\PROGRA~1\SWARMC~1\SWARMC~1.EXE  []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Ryan Donahue\Start Menu\Programs\Startup
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-01 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"=C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-16 18:07:41 ----D---- C:\Program Files\trend micro
2008-12-16 18:07:40 ----D---- C:\rsit
2008-12-16 15:41:38 ----D---- C:\Program Files\a-squared Free
2008-12-16 15:33:03 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Safer Networking
2008-12-16 15:32:54 ----D---- C:\Program Files\Safer Networking
2008-12-14 00:30:54 ----A---- C:\Documents and Settings\Ryan Donahue\Application Data\upd.exe
2008-12-13 01:12:15 ----D---- C:\Program Files\Winpoker 6 Shareware
2008-12-12 03:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-04 11:20:34 ----D---- C:\Program Files\Apple Software Update
2008-12-04 11:16:37 ----D---- C:\Program Files\iTunes
2008-12-04 11:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 18:06:21 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Desktopicon
2008-11-29 10:49:40 ----D---- C:\Program Files\DVD Decrypter
2008-11-19 13:49:08 ----D---- C:\Program Files\Accessdiver
2008-11-17 22:12:44 ----D---- C:\Converted
2008-11-17 22:11:19 ----D---- C:\Program Files\SoundTaxi

======List of files/folders modified in the last 1 months======

2008-12-16 18:07:41 ----RD---- C:\Program Files
2008-12-16 17:52:29 ----D---- C:\Documents and Settings\All Users\Application Data\DIGStream
2008-12-16 17:12:43 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 15:53:13 ----D---- C:\WINDOWS\Temp
2008-12-16 15:42:05 ----D---- C:\WINDOWS\Prefetch
2008-12-16 13:22:37 ----D---- C:\Downloads
2008-12-16 11:30:27 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 01:58:33 ----D---- C:\Program Files\eMule
2008-12-16 00:15:06 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-15 23:12:57 ----SHD---- C:\WINDOWS\Installer
2008-12-15 23:12:57 ----HD---- C:\Config.Msi
2008-12-15 23:12:11 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-12-15 23:11:54 ----SD---- C:\WINDOWS\Tasks
2008-12-15 23:06:53 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-15 23:05:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-15 18:02:14 ----D---- C:\WINDOWS\system32
2008-12-15 14:42:30 ----SHD---- C:\RECYCLER
2008-12-15 14:42:30 ----D---- C:\Documents and Settings
2008-12-15 09:07:26 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Google
2008-12-15 08:41:15 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-15 02:17:24 ----RSD---- C:\WINDOWS\Fonts
2008-12-14 00:40:57 ----D---- C:\WINDOWS\system32\drivers
2008-12-14 00:40:03 ----HD---- C:\Documents and Settings\Ryan Donahue\Application Data\Move Networks
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\DAEMON Tools
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Atari
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Apple Computer
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Ahead
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\AdobeUM
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Adobe
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\.bittorrent
2008-12-13 12:09:20 ----HD---- C:\WINDOWS\inf
2008-12-13 01:12:45 ----D---- C:\WINDOWS
2008-12-12 03:12:39 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 03:12:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-12 03:12:08 ----D---- C:\Program Files\Internet Explorer
2008-12-12 03:11:09 ----D---- C:\WINDOWS\ie7updates
2008-12-12 03:10:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-04 11:17:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-04 11:17:00 ----D---- C:\Program Files\iPod
2008-12-04 11:16:42 ----D---- C:\Program Files\Common Files\Apple
2008-12-04 11:13:49 ----D---- C:\Program Files\Bonjour
2008-12-04 11:12:07 ----D---- C:\Program Files\QuickTime
2008-11-29 13:18:23 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-11-29 00:24:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Vso
2008-11-29 00:24:45 ----A---- C:\Documents and Settings\Ryan Donahue\Application Data\inst.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-02-24 102320]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2005-04-20 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2005-04-20 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-09-12 15890]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-12 1066278]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-01 773565]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-04-15 29056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-28 2432]
S1 StickyMesger;StickyMesger; \??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bfastfao;bfastfao; \??\C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\bfastfao.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-26 47360]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-04 160768]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-16 419448]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-13 611664]
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-12-22 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-27 110592]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-09 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-24 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


BC AdBot (Login to Remove)

 


#2 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:15 PM

Posted 19 December 2008 - 06:43 AM

Hello catbox_9,

Welcome to Bleeping Computer.

My name mas_pogi and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!

Please do not run any other tool untill instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.




You might want to save this page on your bookmark, so you can find it again when you return.

Firefox: Posted Image Then click on Done.

IExplorer: Posted Image Then click on Add.

Stay calm and everything will be just alright.

I will be analyzing your log. I will get back to you with instructions as soon as possible.

With Regards,
mas_pogi

Edited by mas_pogi, 19 December 2008 - 06:44 AM.


#3 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:15 PM

Posted 19 December 2008 - 12:12 PM

hi.

Welcome to bleeping computers once again.

Please follow the instructions below;
  • Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Emule & BitComett). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

    Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

  • We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Please include the C:\ComboFix.txt in your next reply for further review.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your reply, please post

C:\combofix.txt
Kaspersky scan result
Note: Do not put code tags in your logs

Mark

Edited by mas_pogi, 19 December 2008 - 12:14 PM.


#4 catbox_9

catbox_9
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 22 December 2008 - 02:05 AM

Hi.

Sorry for the delay in the response. I was away from the computer the last day or so. This will not happen in the future.

This computer is my brother's computer so I do not know what exactly he does with the file-sharing programs. I have suggested he discontinue using them.

I downloaded combofix and saved it on a flash drive. I then downloaded and saved the Windows Recovery console thing and drug it on top of the Combofix icon on the desktop. When I do this, an hourglass shows up but the Combofix program does not open. If I try to double click on Combofix, I get an hourglass but it does not open.

The Kapersky website will not load on the computer I am trying to fix.

Edited by catbox_9, 22 December 2008 - 02:05 AM.


#5 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:15 PM

Posted 22 December 2008 - 04:14 AM

hi catbox,

Sorry for the delay in the response. I was away from the computer the last day or so. This will not happen in the future.

np :thumbsup:


Please do me a favor.


Locate Combofix.exe then rename it to combo-fixa.exe

Then follow the instruction I have given you in my last post.

Mark

Edited by mas_pogi, 22 December 2008 - 04:14 AM.


#6 catbox_9

catbox_9
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 22 December 2008 - 05:43 PM

hi catbox,

Locate Combofix.exe then rename it to combo-fixa.exe


Thant worked. Thanks.

After doing those two steps, I can now access this site from the problematic computer. It seems to be working better.

Here are the logs:

Combofix:
ComboFix 08-12-21.04 - Ryan Donahue 2008-12-22 9:15:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.1136 [GMT -8:00]
Running from: c:\documents and settings\Ryan Donahue\Desktop\combo-fixa.exe.exe
Command switches used :: c:\documents and settings\Ryan Donahue\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ryan Donahue\Application Data\inst.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsihc.dll
c:\windows\system32\TDSStkdu.log
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-16 18:07 . 2008-12-16 18:07 <DIR> d-------- C:\rsit
2008-12-16 18:07 . 2008-12-16 18:07 <DIR> d-------- c:\program files\trend micro
2008-12-16 15:41 . 2008-12-16 17:47 <DIR> d-------- c:\program files\a-squared Free
2008-12-16 15:33 . 2008-12-16 15:33 <DIR> d-------- c:\documents and settings\Ryan Donahue\Application Data\Safer Networking
2008-12-16 15:32 . 2008-12-16 15:32 <DIR> d-------- c:\program files\Safer Networking
2008-12-14 00:30 . 2008-12-14 00:30 49,152 --a------ c:\documents and settings\Ryan Donahue\Application Data\upd.exe
2008-12-13 01:12 . 2008-12-15 02:17 <DIR> d-------- c:\program files\Winpoker 6 Shareware
2008-12-04 11:20 . 2008-12-04 11:20 <DIR> d-------- c:\program files\Apple Software Update
2008-12-04 11:16 . 2008-12-04 11:17 <DIR> d-------- c:\program files\iTunes
2008-12-04 11:16 . 2008-12-04 11:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 18:06 . 2008-12-01 18:06 <DIR> d-------- c:\documents and settings\Ryan Donahue\Application Data\Desktopicon
2008-11-29 10:49 . 2008-11-29 10:49 <DIR> d-------- c:\program files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2008-12-19 05:22 --------- d-----w c:\program files\eMule
2008-12-18 07:30 274 ----a-w c:\documents and settings\Ryan Donahue\Application Data\wklnhst.dat
2008-12-14 08:40 --------- d--h--w c:\documents and settings\Ryan Donahue\Application Data\Move Networks
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\DAEMON Tools
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Atari
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Apple Computer
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Ahead
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\AdobeUM
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\.bittorrent
2008-12-04 19:17 --------- d-----w c:\program files\iPod
2008-12-04 19:16 --------- d-----w c:\program files\Common Files\Apple
2008-12-04 19:13 --------- d-----w c:\program files\Bonjour
2008-12-04 19:12 --------- d-----w c:\program files\QuickTime
2008-11-29 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-29 08:24 47,360 ----a-w c:\documents and settings\Ryan Donahue\Application Data\pcouffin.sys
2008-11-29 08:24 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Vso
2008-11-19 21:49 --------- d-----w c:\program files\Accessdiver
2008-11-18 06:12 --------- d-----w c:\program files\SoundTaxi
2008-11-06 17:21 --------- d-----w c:\program files\MSN Messenger
2008-11-03 09:08 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-03 09:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 22:05 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Template
2008-10-22 04:04 --------- d-----w c:\program files\BitComett
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-01 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 675840]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-10-31 278528]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-10-31 101888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-23 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2004-12-28 c:\windows\system32\TPSMain.exe]
"ZoomingHook"="ZoomingHook.exe" [2004-04-30 c:\windows\system32\ZoomingHook.exe]

c:\documents and settings\Ryan Donahue\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-11 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-09 25214]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-05-23 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Swarmcast for MLB_07.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Swarmcast for MLB_07.lnk
backup=c:\windows\pss\Swarmcast for MLB_07.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22794:TCP"= 22794:TCP:BitComet 22794 TCP
"22794:UDP"= 22794:UDP:BitComet 22794 UDP

S3 bfastfao;bfastfao;\??\c:\docume~1\RYANDO~1\LOCALS~1\Temp\bfastfao.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-22 c:\windows\Tasks\At1.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At10.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-17 c:\windows\Tasks\At11.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-16 c:\windows\Tasks\At12.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-16 c:\windows\Tasks\At13.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-16 c:\windows\Tasks\At14.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-16 c:\windows\Tasks\At15.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-16 c:\windows\Tasks\At16.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-19 c:\windows\Tasks\At17.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-19 c:\windows\Tasks\At18.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-19 c:\windows\Tasks\At19.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At2.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-19 c:\windows\Tasks\At20.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-19 c:\windows\Tasks\At21.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-19 c:\windows\Tasks\At22.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-19 c:\windows\Tasks\At23.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At24.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At25.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At26.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At27.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At28.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At29.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At3.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At30.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At31.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At32.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At33.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At34.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-17 c:\windows\Tasks\At35.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-16 c:\windows\Tasks\At36.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-16 c:\windows\Tasks\At37.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-16 c:\windows\Tasks\At38.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-16 c:\windows\Tasks\At39.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At4.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-16 c:\windows\Tasks\At40.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-19 c:\windows\Tasks\At41.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-19 c:\windows\Tasks\At42.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-19 c:\windows\Tasks\At43.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-19 c:\windows\Tasks\At44.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-19 c:\windows\Tasks\At45.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-19 c:\windows\Tasks\At46.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-19 c:\windows\Tasks\At47.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At48.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-22 c:\windows\Tasks\At5.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At6.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At7.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At8.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\At9.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-22 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (RYAN-Ryan Donahue).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 17:18]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{81705D67-3F73-4983-859B-97D0922E5ABE} - (no file)
HKLM-Run-TkBellExe - c:\program files\MpcStar\Codecs\Real\RCAPlugins\realsched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComett\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComett\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComett\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe

O16 -: {3A7FE611-1994-4EF1-A09F-99456752289D} - hxxp://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
c:\windows\Downloaded Program Files\ActiveLauncherCabSetup.inf

c:\windows\Downloaded Program Files\ConnectorLauncher.dll - O16 -: {50647AB5-18FD-4142-82B0-5852478DD0D5}
hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab

c:\windows\Downloaded Program Files\MILivePDP5.ES - c:\windows\system32\MILiveDownload3.dll
c:\windows\Downloaded Program Files\noccontrol.dll
c:\windows\Downloaded Program Files\MILivePDP5.ocx
O16 -: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
hxxp://online.invokesolutions.com/events/bin/media/5.1.3.1429-3.0.0.7207/MILive.cab
c:\windows\Downloaded Program Files\MILive.inf
FF - ProfilePath - c:\documents and settings\Ryan Donahue\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Ryan Donahue\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 09:31:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\windows\system32\snmp.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\McAfee.com\Shared\mghtml.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-12-22 9:38:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 17:37:31

Pre-Run: 32,514,207,744 bytes free
Post-Run: 34,122,407,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

366 --- E O F --- 2008-12-19 05:16:32





-----------------------------------------------------------------------------------------

Kaspersky:

Monday, December 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 22, 2008 17:03:33
Records in database: 1500983
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 114907
Threat name 8
Infected objects 19
Suspicious objects 0
Duration of the scan 02:37:45

File name Threat name Threats count
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-12ecc202 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-16123751 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-34892e2a Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-512678e8 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-6fcdbd11 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-223900eb Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-23f8a809 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-45faf82c Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-57e8ae3b Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6bff7aeb Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-7190575f.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-4d7a2a4f.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Ryan Donahue\Application Data\upd.exe Infected: Backdoor.Win32.Small.gwz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\svchost.exe.vir Infected: Backdoor.Win32.Small.gwz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSbrsr.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir Infected: Trojan.Win32.Agent.arvz 1
The selected area was scanned.

#7 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:15 PM

Posted 22 December 2008 - 05:50 PM

hi.

Glad to hear that.


Wait for further instructions.

Mark

#8 catbox_9

catbox_9
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 22 December 2008 - 06:39 PM

EDIT: Disregard this. I replied to your PM.

Edited by catbox_9, 22 December 2008 - 06:40 PM.


#9 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:08:15 PM

Posted 23 December 2008 - 09:43 AM

hi.

After doing those two steps, I can now access this site from the problematic computer. It seems to be working better.

Work in progress. Thanks for letting me know.

Lets continue,
  • 1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    EXTRA::

    FILE::
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    C:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-12ecc202
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-16123751
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-34892e2a
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-512678e8
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-6fcdbd11
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-223900eb
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-23f8a809
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-45faf82c
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-57e8ae3b
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6bff7aeb
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-7190575f.zip
    C:\Documents and Settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-4d7a2a4f.zip
    C:\Documents and Settings\Ryan Donahue\Application Data\upd.exe

    ROOTKIT::
    c:\docume~1\RYANDO~1\LOCALS~1\Temp\bfastfao.sys

    DRIVER::
    bfastfao


    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Please run the F-Secure Online Scanner
    Note: This Scanner is for Internet Explorer Only!
    Follow the Instruction here for installation.
    Accept the License Agreement.
    Once the ActiveX installs,Click Full System Scan
    Once the download completes, the scan will begin automatically.
    The scan will take some time to finish, so please be patient.
    When the scan completes, click the Automatic cleaning (recommended) button.
    Click the Show Report button and Copy&Paste the entire report in your next reply.

In your reply, please post
C:\combofix.txt
Fsecure scan result
Hows your computer now?


Mark

#10 catbox_9

catbox_9
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 23 December 2008 - 11:25 PM

Okay. I have done what you have asked. The computer still seems fine although nothing seems any different than it did before I did these three steps. Here are the logs:

combofix
ComboFix 08-12-21.04 - Ryan Donahue 2008-12-23 18:06:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1526.865 [GMT -8:00]
Running from: c:\documents and settings\Ryan Donahue\Desktop\combo-fixa.exe.exe
Command switches used :: c:\documents and settings\Ryan Donahue\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-12ecc202
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-16123751
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-34892e2a
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-512678e8
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-6fcdbd11
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-223900eb
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-23f8a809
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-45faf82c
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-57e8ae3b
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6bff7aeb
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-7190575f.zip
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-4d7a2a4f.zip
c:\documents and settings\Ryan Donahue\Application Data\upd.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-12ecc202
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-16123751
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-34892e2a
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-512678e8
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-6fcdbd11
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-223900eb
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-23f8a809
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-45faf82c
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-57e8ae3b
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-6bff7aeb
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-7190575f.zip
c:\documents and settings\Ryan Donahue\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-4d7a2a4f.zip
c:\documents and settings\Ryan Donahue\Application Data\upd.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BFASTFAO
-------\Service_bfastfao


((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-22 14:45 . 2008-12-22 14:45 <DIR> d-------- c:\windows\Cache
2008-12-22 14:45 . 2008-12-22 14:45 <DIR> d-------- c:\program files\Coupons
2008-12-22 14:45 . 2008-12-22 14:45 197,976 --------- c:\windows\system32\cpnprt2.cid
2008-12-22 14:45 . 2008-12-22 14:45 197,976 -ra------ c:\windows\cpnprt2.cid
2008-12-22 09:54 . 2008-12-22 09:54 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-22 09:54 . 2008-12-22 09:54 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-16 18:07 . 2008-12-16 18:07 <DIR> d-------- C:\rsit
2008-12-16 18:07 . 2008-12-16 18:07 <DIR> d-------- c:\program files\trend micro
2008-12-16 15:41 . 2008-12-16 17:47 <DIR> d-------- c:\program files\a-squared Free
2008-12-16 15:33 . 2008-12-16 15:33 <DIR> d-------- c:\documents and settings\Ryan Donahue\Application Data\Safer Networking
2008-12-16 15:32 . 2008-12-16 15:32 <DIR> d-------- c:\program files\Safer Networking
2008-12-13 01:12 . 2008-12-15 02:17 <DIR> d-------- c:\program files\Winpoker 6 Shareware
2008-12-04 11:20 . 2008-12-04 11:20 <DIR> d-------- c:\program files\Apple Software Update
2008-12-04 11:16 . 2008-12-04 11:17 <DIR> d-------- c:\program files\iTunes
2008-12-04 11:16 . 2008-12-04 11:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 18:06 . 2008-12-01 18:06 <DIR> d-------- c:\documents and settings\Ryan Donahue\Application Data\Desktopicon
2008-11-29 10:49 . 2008-11-29 10:49 <DIR> d-------- c:\program files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 02:20 --------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2008-12-24 01:22 --------- d-----w c:\program files\eMule
2008-12-23 04:27 --------- d-----w c:\program files\BitComett
2008-12-22 17:54 --------- d-----w c:\program files\Java
2008-12-18 07:30 274 ----a-w c:\documents and settings\Ryan Donahue\Application Data\wklnhst.dat
2008-12-14 08:40 --------- d--h--w c:\documents and settings\Ryan Donahue\Application Data\Move Networks
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\DAEMON Tools
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Atari
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Apple Computer
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Ahead
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\AdobeUM
2008-12-14 08:30 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\.bittorrent
2008-12-04 19:17 --------- d-----w c:\program files\iPod
2008-12-04 19:16 --------- d-----w c:\program files\Common Files\Apple
2008-12-04 19:13 --------- d-----w c:\program files\Bonjour
2008-12-04 19:12 --------- d-----w c:\program files\QuickTime
2008-11-29 21:18 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-29 08:24 47,360 ----a-w c:\documents and settings\Ryan Donahue\Application Data\pcouffin.sys
2008-11-29 08:24 --------- d-----w c:\documents and settings\Ryan Donahue\Application Data\Vso
2008-11-19 21:49 --------- d-----w c:\program files\Accessdiver
2008-11-18 06:12 --------- d-----w c:\program files\SoundTaxi
2008-11-06 17:21 --------- d-----w c:\program files\MSN Messenger
2008-11-03 09:08 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-03 09:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-22_ 9.36.41.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-12-07 03:04:12 49,248 ----a-w c:\windows\system32\java.exe
+ 2008-12-22 17:54:26 144,792 ----a-w c:\windows\system32\java.exe
- 2004-12-07 03:04:20 49,250 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-22 17:54:26 144,792 ----a-w c:\windows\system32\javaw.exe
- 2004-12-07 04:31:50 127,078 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-22 17:54:27 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-24 02:14:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_288.dat
+ 2008-12-24 02:14:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-01 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2005-04-20 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-22 24576]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 675840]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 53248]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-10-31 278528]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-10-31 101888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-23 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2004-12-28 c:\windows\system32\TPSMain.exe]
"ZoomingHook"="ZoomingHook.exe" [2004-04-30 c:\windows\system32\ZoomingHook.exe]

c:\documents and settings\Ryan Donahue\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-11 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-09 25214]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-05-23 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Swarmcast for MLB_07.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Swarmcast for MLB_07.lnk
backup=c:\windows\pss\Swarmcast for MLB_07.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22794:TCP"= 22794:TCP:BitComet 22794 TCP
"22794:UDP"= 22794:UDP:BitComet 22794 UDP


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-23 c:\windows\Tasks\At2.job
- c:\windows\system32\61c8ESWC.exe []

2008-12-23 c:\windows\Tasks\At28.job
- c:\windows\system32\60xIAXwG.exe []

2008-12-24 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (RYAN-Ryan Donahue).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComett\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComett\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComett\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\ConnectorLauncher.dll - O16 -: {50647AB5-18FD-4142-82B0-5852478DD0D5}
hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab

c:\windows\Downloaded Program Files\MILivePDP5.ES - c:\windows\system32\MILiveDownload3.dll
c:\windows\Downloaded Program Files\noccontrol.dll
c:\windows\Downloaded Program Files\MILivePDP5.ocx
O16 -: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
hxxp://online.invokesolutions.com/events/bin/media/5.1.3.1429-3.0.0.7207/MILive.cab
c:\windows\Downloaded Program Files\MILive.inf
FF - ProfilePath - c:\documents and settings\Ryan Donahue\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\Ryan Donahue\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 18:19:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\windows\system32\snmp.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\McAfee.com\Shared\mghtml.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-12-23 18:27:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-24 02:25:59
ComboFix2.txt 2008-12-22 17:38:07

Pre-Run: 26,183,143,424 bytes free
Post-Run: 26,265,235,456 bytes free

376 --- E O F --- 2008-12-19 05:16:32









--------------------------------------------------------------------------------------------------------------------------------



F-secure


Scanning Report
Tuesday, December 23, 2008 18:41:56 - 20:25:01

Computer name: RYAN
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 3 malware found
TrackingCookie.Advertising (spyware)

* System

TrackingCookie.Atdmt (spyware)

* System

TrackingCookie.Doubleclick (spyware)

* System

Statistics
Scanned:

* Files: 55138
* System: 4453
* Not scanned: 10

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 3
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\RYAN DONAHUE\LOCAL SETTINGS\TEMP\ETILQS_PNJVZD5FECHAYERK1NPR
* C:\DOCUMENTS AND SETTINGS\RYAN DONAHUE\APPLICATION DATA\APPLE COMPUTER\XERKS.EXE

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Hydra: 2.8.8110, 2008-12-23
* F-Secure AVP: 7.0.171, 2008-12-23
* F-Secure Pegasus: 1.20.0, 2008-11-17
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:15 PM

Posted 25 December 2008 - 11:14 AM

Hello catbox_9.

Sorry for the delay. Mas_pogi is leaving for his Holiday vacation starting today and isn't going to come back until the 5th of January. I'll help you finish anything we need to do.

Okay. I have done what you have asked. The computer still seems fine although nothing seems any different than it did before I did these three steps. Here are the logs:

Strange.. Also you had a rootkit which I need to warn you about. It's a bit late but you need to have an idea what this infection is..

Posted ImageBackdoor Threat
Unfortunately One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

You probably don't want to format/reinstall since you got this far. Let's see if there's anything else in the way. If you do want to reinstall/format, please tell me.


Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!:Please do not select the Show all checkbox during the scan..

We will continue to disinfect if there is anything that needs to be addressed next post..

Please post back with:
-GMER scan log
-Fresh RSIT log
<- Important, I need to see if anything have changed so far..

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 catbox_9

catbox_9
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 25 December 2008 - 10:26 PM

Hi.

The computer isn't used for anything like banking or anything like that so we have decided to fix it as well as possible and proceed from there. With that said, here are the requested logs. It appears I only got one log from RSIT. I ran it twice but didn't get a second log. I thought there were two but maybe I did something wrong...


GMER:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-25 19:14:28
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spfp.sys ZwCreateKey [0xF74D70E0]
SSDT spfp.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spfp.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spfp.sys ZwOpenKey [0xF74D70C0]
SSDT spfp.sys ZwQueryKey [0xF74F6108]
SSDT spfp.sys ZwQueryValueKey [0xF74F5F88]
SSDT spfp.sys ZwSetValueKey [0xF74F619A]

INT 0x62 ? 8A409BF8
INT 0x73 ? 8A35CBF8
INT 0x82 ? 8A409BF8
INT 0x84 ? 8A35CBF8
INT 0xA4 ? 8A35CBF8
INT 0xB4 ? 8A35CBF8

---- Kernel code sections - GMER 1.0.14 ----

? spfp.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BAC4A8AC 5 Bytes JMP 8A35C1D8

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2188] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A39F2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spfp.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spfp.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spfp.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spfp.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spfp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spfp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spfp.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A35C2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spfp.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A4081F8

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)

Device \FileSystem\Udfs \UdfsCdRom 89F1C1F8
Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 89F1C1F8
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \Driver\usbuhci \Device\USBPDO-0 8A2CA1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A2CA1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A2CA1F8
Device \Driver\usbehci \Device\USBPDO-3 8A3FF1F8
Device \Driver\usbuhci \Device\USBPDO-4 8A2CA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A39D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{50BDEBF6-90EC-41C4-90C6-B9437A572471} 89ECF1F8
Device \Driver\Cdrom \Device\CdRom0 8A24B500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89ECF1F8
Device \Driver\NetBT \Device\NetbiosSmb 89ECF1F8
Device \Driver\usbuhci \Device\USBFDO-0 8A2CA1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A2CA1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89EF81F8
Device \Driver\usbuhci \Device\USBFDO-2 8A2CA1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89EF81F8
Device \Driver\usbuhci \Device\USBFDO-3 8A2CA1F8
Device \Driver\usbehci \Device\USBFDO-4 8A3FF1F8
Device \Driver\Ftdisk \Device\FtControl 8A39D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FA2D00D3-9879-4762-AF77-DC99116247A9} 89ECF1F8
Device \FileSystem\Cdfs \Cdfs 89E66500

---- Threads - GMER 1.0.14 ----

Thread 4:340 8A202288

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0x7B 0xE7 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0x7B 0xE7 0xA2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDE 0x7B 0xE7 0xA2 ...

---- EOF - GMER 1.0.14 ----



------------------------------------------------------------------------------------------------------------------------
RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ryan Donahue at 2008-12-25 19:24:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (24%) free of 76 GB
Total RAM: 1526 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:48 PM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TPSBattM.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan Donahue\Desktop\RSIT.exe
C:\Program Files\trend micro\Ryan Donahue.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComett\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComett\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComett\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComett\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComett\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mcweb.nslc.ucla.edu/mcweb/awswax.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.admissions.ucla.edu/bruincam/ac...sCamControl.ocx
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 14255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (RYAN-Ryan Donahue).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComett\tools\BitCometBHO_1.1.11.30.dll [2007-12-04 464184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-23 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-01 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-01 126976]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-01-14 122939]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-12 88358]
"NDSTray.exe"=NDSTray.exe []
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2005-04-20 28672]
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
"TOSHIBA Accessibility"=C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2005-02-22 24576]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-04-28 675840]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-12-28 270336]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]
"ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2004-04-30 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-15 122880]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-04-05 73728]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"DIGStream"=C:\Program Files\DIGStream\digstream.exe [2005-10-31 278528]
"DIGServices"=C:\Program Files\ESPNRunTime\DIGServices.exe [2005-10-31 101888]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2005-09-23 483328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-29 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Swarmcast for MLB_07.lnk]
C:\PROGRA~1\SWARMC~1\SWARMC~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Ryan Donahue\Start Menu\Programs\Startup
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-01 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"=C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-25 18:49:33 ----A---- C:\WINDOWS\gmer.ini
2008-12-25 18:49:31 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-25 18:49:31 ----A---- C:\WINDOWS\gmer.exe
2008-12-25 18:49:31 ----A---- C:\WINDOWS\gmer.dll
2008-12-23 18:35:13 ----D---- C:\fsaua.data
2008-12-23 18:32:54 ----SHD---- C:\RECYCLER
2008-12-23 18:27:17 ----A---- C:\ComboFix.txt
2008-12-22 14:45:44 ----D---- C:\WINDOWS\Cache
2008-12-22 14:45:42 ----D---- C:\Program Files\Coupons
2008-12-22 09:54:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 09:54:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 09:54:54 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 09:54:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-22 09:02:31 ----A---- C:\Boot.bak
2008-12-22 09:02:20 ----RASHD---- C:\cmdcons
2008-12-22 09:01:01 ----A---- C:\WINDOWS\zip.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\VFIND.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\SWSC.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\SWREG.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\sed.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\grep.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\fdsv.exe
2008-12-22 09:00:50 ----D---- C:\WINDOWS\ERDNT
2008-12-22 09:00:49 ----D---- C:\Qoobox
2008-12-16 18:07:41 ----D---- C:\Program Files\trend micro
2008-12-16 18:07:40 ----D---- C:\rsit
2008-12-16 15:41:38 ----D---- C:\Program Files\a-squared Free
2008-12-16 15:33:03 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Safer Networking
2008-12-16 15:32:54 ----D---- C:\Program Files\Safer Networking
2008-12-13 01:12:15 ----D---- C:\Program Files\Winpoker 6 Shareware
2008-12-12 03:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-04 11:20:34 ----D---- C:\Program Files\Apple Software Update
2008-12-04 11:16:37 ----D---- C:\Program Files\iTunes
2008-12-04 11:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 18:06:21 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Desktopicon
2008-11-29 10:49:40 ----D---- C:\Program Files\DVD Decrypter

======List of files/folders modified in the last 1 months======

2008-12-25 19:24:47 ----D---- C:\WINDOWS\Prefetch
2008-12-25 19:19:15 ----D---- C:\Documents and Settings\All Users\Application Data\DIGStream
2008-12-25 19:15:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-25 18:55:26 ----SHD---- C:\WINDOWS\Installer
2008-12-25 18:55:21 ----HD---- C:\Config.Msi
2008-12-25 18:55:21 ----D---- C:\WINDOWS\Temp
2008-12-25 18:54:09 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-12-25 18:53:39 ----SD---- C:\WINDOWS\Tasks
2008-12-25 18:52:35 ----D---- C:\WINDOWS
2008-12-25 18:51:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-25 18:49:31 ----D---- C:\WINDOWS\system32\drivers
2008-12-25 13:44:07 ----D---- C:\Downloads
2008-12-23 23:32:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-23 22:14:46 ----D---- C:\Program Files\eMule
2008-12-23 20:25:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-23 18:35:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-23 18:27:24 ----D---- C:\WINDOWS\system32
2008-12-23 18:20:02 ----A---- C:\WINDOWS\system.ini
2008-12-23 18:12:45 ----D---- C:\WINDOWS\system32\config
2008-12-23 18:10:26 ----D---- C:\WINDOWS\AppPatch
2008-12-23 18:10:26 ----D---- C:\Program Files\Common Files
2008-12-22 20:27:16 ----D---- C:\Program Files\BitComett
2008-12-22 14:45:42 ----RD---- C:\Program Files
2008-12-22 09:54:16 ----D---- C:\Program Files\Java
2008-12-22 09:02:32 ----RASH---- C:\boot.ini
2008-12-21 23:35:31 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-18 21:16:31 ----HD---- C:\WINDOWS\inf
2008-12-18 21:16:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 21:15:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 23:06:53 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-15 14:42:30 ----D---- C:\Documents and Settings
2008-12-15 09:07:26 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Google
2008-12-15 08:41:15 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-15 02:17:24 ----RSD---- C:\WINDOWS\Fonts
2008-12-14 00:40:03 ----HD---- C:\Documents and Settings\Ryan Donahue\Application Data\Move Networks
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\DAEMON Tools
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Atari
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Apple Computer
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Ahead
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\AdobeUM
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Adobe
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\.bittorrent
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:13:03 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 03:12:08 ----D---- C:\Program Files\Internet Explorer
2008-12-12 03:11:09 ----D---- C:\WINDOWS\ie7updates
2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-04 11:17:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-04 11:17:00 ----D---- C:\Program Files\iPod
2008-12-04 11:16:42 ----D---- C:\Program Files\Common Files\Apple
2008-12-04 11:13:49 ----D---- C:\Program Files\Bonjour
2008-12-04 11:12:07 ----D---- C:\Program Files\QuickTime
2008-11-29 13:18:23 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-11-29 00:24:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Vso

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-25 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-02-24 102320]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2005-04-20 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2005-04-20 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-09-12 15890]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-12 1066278]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-01 773565]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-04-15 29056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-28 2432]
S1 StickyMesger;StickyMesger; \??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\combo-fixa.exe\catchme.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-26 47360]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-04 160768]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-16 419448]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-13 611664]
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-12-22 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-27 110592]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-09 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-24 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Edited by catbox_9, 25 December 2008 - 10:28 PM.


#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:15 PM

Posted 25 December 2008 - 11:17 PM

Hi again.

Still a bit of work before we are done.

View Point Programs Warning
Viewpoint Manager and Viewpoint Media Player is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Additional instructions on remocing program can be found here.
Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At28.job
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Post back with:
-OTMoveIT log
-New RSIT log( only one log will open up)


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 catbox_9

catbox_9
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 26 December 2008 - 02:35 AM

Hi again. I uninstalled the viewpoint program. Here are the logs:


OTMoveIT:

========== FILES ==========
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\etilqs_b2ah03QJWqaaqVacukRu scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DF1D9E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DF1DB2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DFE76E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DFE785.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DFEA35.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DFF59D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_188.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12252008_233034

Files moved on Reboot...
File move failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\etilqs_b2ah03QJWqaaqVacukRu scheduled to be moved on reboot.
File move failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be moved on reboot.
C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DF1D9E.tmp moved successfully.
C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DF1DB2.tmp moved successfully.
C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DFE76E.tmp moved successfully.
C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DFE785.tmp moved successfully.
File move failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DFEA35.tmp scheduled to be moved on reboot.
File move failed. C:\DOCUME~1\RYANDO~1\LOCALS~1\Temp\~DFF59D.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_188.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_bc.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\urlclassifier3.sqlite scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Ryan Donahue\Local Settings\Application Data\Mozilla\Firefox\Profiles\4pwo67uy.default\XUL.mfl scheduled to be moved on reboot.


----------------------------------------------------------------------------

RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ryan Donahue at 2008-12-25 23:34:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (25%) free of 76 GB
Total RAM: 1526 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:47 PM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TPSBattM.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\BitComett\BitComet.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ryan Donahue\Desktop\RSIT.exe
C:\Program Files\trend micro\Ryan Donahue.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComett\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComett\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComett\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComett\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComett\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mcweb.nslc.ucla.edu/mcweb/awswax.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.admissions.ucla.edu/bruincam/ac...sCamControl.ocx
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/b...7207/MILive.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 14357 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (RYAN-Ryan Donahue).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComett\tools\BitCometBHO_1.1.11.30.dll [2007-12-04 464184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-23 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-01 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-01 126976]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-01-14 122939]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-12 88358]
"NDSTray.exe"=NDSTray.exe []
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2005-04-20 28672]
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
"TOSHIBA Accessibility"=C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2005-02-22 24576]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-04-28 675840]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-12-28 270336]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]
"ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2004-04-30 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-15 122880]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-04-05 73728]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"DIGStream"=C:\Program Files\DIGStream\digstream.exe [2005-10-31 278528]
"DIGServices"=C:\Program Files\ESPNRunTime\DIGServices.exe [2005-10-31 101888]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2005-09-23 483328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-29 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Swarmcast for MLB_07.lnk]
C:\PROGRA~1\SWARMC~1\SWARMC~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Ryan Donahue\Start Menu\Programs\Startup
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-01 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"=C:\Program Files\Metamail Inc\Metamail Reader\OESHook.dll [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-25 23:30:34 ----D---- C:\_OTMoveIt
2008-12-25 18:49:33 ----A---- C:\WINDOWS\gmer.ini
2008-12-25 18:49:31 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-25 18:49:31 ----A---- C:\WINDOWS\gmer.exe
2008-12-25 18:49:31 ----A---- C:\WINDOWS\gmer.dll
2008-12-23 18:35:13 ----D---- C:\fsaua.data
2008-12-23 18:32:54 ----SHD---- C:\RECYCLER
2008-12-23 18:27:17 ----A---- C:\ComboFix.txt
2008-12-22 14:45:44 ----D---- C:\WINDOWS\Cache
2008-12-22 14:45:42 ----D---- C:\Program Files\Coupons
2008-12-22 09:54:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 09:54:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 09:54:54 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 09:54:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-22 09:02:31 ----A---- C:\Boot.bak
2008-12-22 09:02:20 ----RASHD---- C:\cmdcons
2008-12-22 09:01:01 ----A---- C:\WINDOWS\zip.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\VFIND.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\SWSC.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\SWREG.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\sed.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\grep.exe
2008-12-22 09:01:01 ----A---- C:\WINDOWS\fdsv.exe
2008-12-22 09:00:50 ----D---- C:\WINDOWS\ERDNT
2008-12-22 09:00:49 ----D---- C:\Qoobox
2008-12-16 18:07:41 ----D---- C:\Program Files\trend micro
2008-12-16 18:07:40 ----D---- C:\rsit
2008-12-16 15:41:38 ----D---- C:\Program Files\a-squared Free
2008-12-16 15:33:03 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Safer Networking
2008-12-16 15:32:54 ----D---- C:\Program Files\Safer Networking
2008-12-13 01:12:15 ----D---- C:\Program Files\Winpoker 6 Shareware
2008-12-12 03:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-04 11:20:34 ----D---- C:\Program Files\Apple Software Update
2008-12-04 11:16:37 ----D---- C:\Program Files\iTunes
2008-12-04 11:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 18:06:21 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Desktopicon
2008-11-29 10:49:40 ----D---- C:\Program Files\DVD Decrypter

======List of files/folders modified in the last 1 months======

2008-12-25 23:34:02 ----D---- C:\WINDOWS\Prefetch
2008-12-25 23:30:43 ----D---- C:\WINDOWS\Temp
2008-12-25 23:30:35 ----SD---- C:\WINDOWS\Tasks
2008-12-25 23:27:22 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-25 23:27:21 ----RD---- C:\Program Files
2008-12-25 23:19:22 ----D---- C:\Documents and Settings\All Users\Application Data\DIGStream
2008-12-25 22:17:57 ----D---- C:\Downloads
2008-12-25 19:30:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-25 19:28:57 ----D---- C:\Program Files\eMule
2008-12-25 19:25:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-25 18:55:26 ----SHD---- C:\WINDOWS\Installer
2008-12-25 18:55:21 ----HD---- C:\Config.Msi
2008-12-25 18:54:09 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-12-25 18:52:35 ----D---- C:\WINDOWS
2008-12-25 18:51:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-25 18:49:31 ----D---- C:\WINDOWS\system32\drivers
2008-12-23 23:32:39 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-23 20:25:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-23 18:27:24 ----D---- C:\WINDOWS\system32
2008-12-23 18:20:02 ----A---- C:\WINDOWS\system.ini
2008-12-23 18:12:45 ----D---- C:\WINDOWS\system32\config
2008-12-23 18:10:26 ----D---- C:\WINDOWS\AppPatch
2008-12-23 18:10:26 ----D---- C:\Program Files\Common Files
2008-12-22 20:27:16 ----D---- C:\Program Files\BitComett
2008-12-22 09:54:16 ----D---- C:\Program Files\Java
2008-12-22 09:02:32 ----RASH---- C:\boot.ini
2008-12-21 23:35:31 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-18 21:16:31 ----HD---- C:\WINDOWS\inf
2008-12-18 21:16:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 21:15:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 23:06:53 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-15 14:42:30 ----D---- C:\Documents and Settings
2008-12-15 09:07:26 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Google
2008-12-15 08:41:15 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-15 02:17:24 ----RSD---- C:\WINDOWS\Fonts
2008-12-14 00:40:03 ----HD---- C:\Documents and Settings\Ryan Donahue\Application Data\Move Networks
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\DAEMON Tools
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Atari
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Apple Computer
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Ahead
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\AdobeUM
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Adobe
2008-12-14 00:30:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\.bittorrent
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:13:03 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 03:12:08 ----D---- C:\Program Files\Internet Explorer
2008-12-12 03:11:09 ----D---- C:\WINDOWS\ie7updates
2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-04 11:17:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-04 11:17:00 ----D---- C:\Program Files\iPod
2008-12-04 11:16:42 ----D---- C:\Program Files\Common Files\Apple
2008-12-04 11:13:49 ----D---- C:\Program Files\Bonjour
2008-12-04 11:12:07 ----D---- C:\Program Files\QuickTime
2008-11-29 13:18:23 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-11-29 00:24:46 ----D---- C:\Documents and Settings\Ryan Donahue\Application Data\Vso

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-28 2560]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-25 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-02-24 102320]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2005-04-20 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2005-04-20 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-09-12 15890]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-12 1066278]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-01 773565]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-04-15 29056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-08-28 2432]
S1 StickyMesger;StickyMesger; \??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\combo-fixa.exe\catchme.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-26 47360]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys []
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-04 160768]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-12-16 419448]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-13 611664]
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-12-22 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-27 110592]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-09 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-24 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:15 PM

Posted 26 December 2008 - 11:01 AM

Hi, your log looks good now. We need to cleanup the mess though.

Please follow/read the steps below to remove the tools we used and for some more information. :)

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
    Posted Image
  • When shown the disclaimer, Select "2"
This will remove files/folders assoicated with combofix and uninstall it.

Cleanup! with OTMoveIt
Let's remove all the tools we've used so far.
  • Double click the OTMoveIt3.exe to run it.
  • Click Posted Image. If you recieve a warning from your security program, select allow to download the packet.
  • A pop-up box will appear saying "Cleanup list download succesfully Begin Removal Process?". Click Yes.
  • If required for a reboot click Yes


Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache! Posted Image
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates seperately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck :thumbsup:


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users