Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible virus infection


  • Please log in to reply
8 replies to this topic

#1 lamotia

lamotia

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 13 January 2009 - 02:27 AM

Hello,

I have a serious problem. The laptop that I'm using is having some serious problems. I scan the processes that are running with hijackthis and using hijacthis.de I've managed to remove the unneeded entries but when I restarted the PC everything was the same way again. I'm not able to install or uninstall anything. Also I'm not able to use any of my two browsers - IE and Firefox. There is an internet connection (I used Start > Run > CMD > ping command and everything was perfect) but when it comes to browsing the two browsers are just not working. Is it possible that I have some kind of rootkit and virus that is going to a specific restore point that is infected?

Here is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26:54, on 09/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\geBqOeFX.dll (file missing)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4129CF89-472A-4451-BF17-02080D0C7DF0} - C:\WINDOWS\system32\wvUmliIY.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\WINDOWS\system32\fcccdEUM.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CDADEA8C-AD82-43F0-94B0-35EAFCC7E765} - C:\WINDOWS\system32\byXNeFvw.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader...ache=20071219-1
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fcccdEUM - fcccdEUM.dll (file missing)
O20 - Winlogon Notify: geBqOeFX - geBqOeFX.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 13173 bytes


Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:50 AM

Posted 14 January 2009 - 04:47 PM

Hello Lamotia and welcome to Bleeping Computer,

Please read [url="http://"http://www.bleepingcomputer.com/combofix/how-to-use-combofix"]this tutorial[/url] carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix askes you to install the Recovery Console, please do so..
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 lamotia

lamotia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 15 January 2009 - 02:17 PM

Hello Thunder,

There seems to be a problem ComboFix cannot backup my files because all of the files on the HDD are set to read-only when I try to disable this option it does so but when I get to the folder properties again they are again set to read only. I decided not to backup anything and I started the ComboFix without it. The program told me that it will change my clock settings but they aren't changed. I waited for 30 hours and nothing happened still. Then I stopped the program. I'm trying to run it again now to see if everything is going to run ok but my question is should I run it in Safe mode or not because when I set the files not to read only there are a couple of files that cannot be accessed because they are currently running - most of them are svchost.exe.[numbers here].hdmp.

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:50 AM

Posted 15 January 2009 - 05:34 PM

Hello Lamotia,

Running ComboFix in safe mode seems a good option at this time, yes. :thumbsup:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 lamotia

lamotia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 17 January 2009 - 12:41 PM

hi thunder,

I ran it once - the program wanted me to restart the PC and there was no log produced. Then I ran it a second time and here is what came out:

ComboFix 09-01-13.04 - Administrateur 2009-01-16 9:37:20.4 - NTFSx86 MINIMAL
Microsoft Windows XP Edition familiale 5.1.2600.3.1251.359.1036.18.1014.815 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090108-0] *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-15 20:25 . 2009-01-15 20:26 <REP> d-------- C:\bla
2009-01-10 18:31 . 2009-01-10 18:31 53 --a------ c:\windows\DelToolbox.bat
2009-01-08 17:36 . 2009-01-08 18:29 21,275 --a------ c:\windows\system32\drivers\AegisP.sys
2009-01-08 17:30 . 2009-01-08 17:30 155 --a------ C:\version.ini
2009-01-07 13:05 . 2009-01-07 13:05 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Intel
2009-01-07 13:05 . 2009-01-07 13:05 <REP> d-------- c:\documents and settings\LocalService\Application Data\Intel
2009-01-07 13:04 . 2009-01-07 13:04 <REP> d-------- c:\documents and settings\***\Application Data\Intel
2009-01-07 13:04 . 2009-01-07 13:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Intel
2009-01-07 13:04 . 2009-01-07 13:04 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Intel
2009-01-07 13:00 . 2009-01-07 13:00 <REP> d-------- c:\program files\DIFX
2009-01-07 12:59 . 2007-08-27 11:12 2,777,088 --a------ c:\windows\system32\NETw4r32.dll
2009-01-07 12:59 . 2007-09-26 06:01 2,236,032 --a------ c:\windows\system32\drivers\NETw4x32.sys
2009-01-07 12:59 . 2007-08-27 11:12 745,472 --a------ c:\windows\system32\NETw4c32.dll
2009-01-05 18:18 . 2006-12-17 09:43 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2009-01-05 18:18 . <REP> c:\documents and settings\Administrateur\Voisinage reseau
2009-01-05 18:18 . 2006-05-26 10:21 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-05 18:18 . <REP> c:\documents and settings\Administrateur\Modeles
2009-01-05 18:18 . 2006-12-17 09:43 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-05 18:18 . <REP> c:\documents and settings\Administrateur\Menu Demarrer
2009-01-05 18:18 . 2006-12-17 09:43 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-05 18:18 . 2009-01-16 01:37 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-05 18:18 . 2006-12-17 09:43 <REP> d-------- c:\documents and settings\Administrateur\Application Data\toshiba
2009-01-05 18:18 . 2009-01-05 18:18 <REP> d-------- c:\documents and settings\Administrateur
2009-01-04 19:17 . 2008-02-15 12:45 172,032 --a------ c:\windows\system32\igfxres.dll
2009-01-04 19:11 . 2008-02-28 15:00 920,088 --a------ c:\windows\system32\igxpun.exe
2009-01-04 19:11 . 2006-11-10 08:25 319,456 --a------ c:\windows\system32\difxapi.dll
2009-01-04 19:10 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2009-01-04 19:09 . 2007-11-20 18:15 1,826,816 --a------ c:\windows\SkyTel.exe
2009-01-04 19:09 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-01-04 19:09 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-01-04 19:09 . 2008-10-27 18:12 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-01-04 18:34 . 2009-01-05 19:30 <REP> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-04 18:31 . 2009-01-04 18:34 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2009-01-04 18:28 . 2009-01-05 17:31 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-01-04 18:27 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2009-01-04 18:24 . 2009-01-04 18:27 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\MSBuild
2009-01-04 18:23 . 2009-01-04 18:23 <REP> d-------- c:\program files\Reference Assemblies
2009-01-04 18:23 . 2009-01-04 18:23 218 --a------ c:\windows\system32\spupdsvc.inf
2009-01-04 18:22 . 2008-07-06 13:06 1,676,288 --a------ c:\windows\system32\xpssvcs.dll
2009-01-04 18:22 . 2008-07-06 13:06 1,676,288 --a--c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-04 18:22 . 2008-07-06 11:50 597,504 --a--c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-04 18:22 . 2008-07-06 13:06 575,488 --a------ c:\windows\system32\xpsshhdr.dll
2009-01-04 18:22 . 2008-07-06 13:06 575,488 --a--c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-04 18:22 . 2008-07-06 13:06 117,760 --a------ c:\windows\system32\prntvpt.dll
2009-01-04 18:22 . 2008-07-06 13:06 89,088 --a--c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-04 17:46 . 2009-01-04 17:46 <REP> dr-h----- C:\AHCache
2009-01-04 17:38 . 2009-01-07 13:29 <REP> d-------- C:\install games
2008-12-31 14:59 . 2008-12-31 14:59 24,872 --a------ c:\windows\system32\drivers\ElbyCDIO.sys
2008-12-31 00:53 . 2008-12-31 00:53 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-12-16 08:05 . 2008-12-16 08:05 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 08:32 --------- d-----w c:\documents and settings\***\Application Data\DNA
2009-01-16 08:25 --------- d-----w c:\program files\DNA
2009-01-16 08:25 --------- d-----w c:\documents and settings\***\Application Data\Skype
2009-01-10 17:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 17:18 --------- d-----w c:\program files\USB Disk Win98 Driver
2009-01-08 16:29 --------- d-----w c:\program files\Intel
2009-01-08 16:03 --------- d-----w c:\documents and settings\***\Application Data\skypePM
2009-01-07 17:25 --------- d-----w c:\documents and settings\***\Application Data\BitTorrent
2009-01-04 18:16 --------- d-----w c:\program files\Google
2009-01-04 18:09 --------- d-----w c:\program files\Realtek
2009-01-04 15:42 --------- d-----w c:\program files\AVS4YOU
2009-01-04 15:40 --------- d-----w c:\program files\Apple Software Update
2009-01-04 15:37 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-23 19:31 --------- d-----w c:\documents and settings\***\Application Data\dvdcss
2008-12-16 07:05 --------- d-----w c:\program files\Java
2008-12-09 13:11 --------- d-----w c:\program files\BitTorrent
2008-11-24 14:11 --------- d-----w c:\program files\HP
2008-11-24 14:10 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-23 13:11 --------- d-----w c:\documents and settings\***\Application Data\HP
2008-11-23 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-23 13:03 --------- d-----w c:\program files\Fichiers communs\Sonic Shared
2008-11-23 13:03 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-11-23 13:02 --------- d-----w c:\program files\Fichiers communs\HP
2008-11-23 12:59 --------- d-----w c:\program files\Hewlett-Packard
2008-11-23 12:58 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard
2008-11-19 17:21 93,128 ----a-w c:\windows\system32\ElbyCDIO.dll
2008-10-28 16:18 17,331,200 ----a-w c:\windows\RTHDCPL.EXE
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-04-10 07:53 8,192 --sha-w c:\program files\Thumbs.db
2008-04-08 16:25 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-04-14 16:42 1,493 -c--a-w c:\documents and settings\WebmailSync\unins000.dat
2007-04-14 16:41 672,263 ----a-w c:\documents and settings\WebmailSync\unins000.exe
2007-04-02 11:09 602,112 ----a-w c:\documents and settings\WebmailSync\WebmailSync.exe
2007-02-24 14:42 1,434 -c--a-w c:\documents and settings\***\Application Data\SAS7_000.DAT
2005-12-06 09:50 303,104 ----a-w c:\documents and settings\WebmailSync\update.exe
2008-09-19 15:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091920080920\index.dat
.

------- Sigcheck -------

2004-08-05 11:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 03:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 03:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

2007-03-08 16:37 578560 753354f594809a9b96f73999b435a533 c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-14 03:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 03:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

2004-08-05 11:00 82944 bc41f51a39d3b255805fdb759b7814ae c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 03:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 03:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

2007-10-11 00:22 825344 871ae10d6ae8877e9636ae5017953d52 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 02:42 825344 f4fd487241d3ac291046a22cebd2cf71 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 13:34 827392 5a0093f59b505c008ed0cee615563c72 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-23 08:19 827392 78d3d2b0be6ad3e6d82ccb115cf74310 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 16:40 827904 52589bae67dd9859724287372668690b c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-08-26 10:10 827904 4b0e70d44297877a313045bd059770e1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-10-16 20:33 827904 37d1a1bfe3d9904f2c3d11592456f9c0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2006-10-23 16:34 668672 efa0c2870cba1747809a13e09f35bf82 c:\windows\ie7\wininet.dll
2006-11-07 21:03 818688 92995334f993e6e49c25c6d02ec04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
2007-01-12 09:27 822784 be43d00d802c92f01c8cc952c6f483f8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
2007-02-27 14:26 822784 75de73e328e300caed5965faea2f5d3f c:\windows\ie7updates\KB933566-IE7\wininet.dll
2007-04-25 08:40 822784 2c138ab59e2ffa06e8952ae656e443c5 c:\windows\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 14:24 823808 2274862267d7445e7010d9af826e89c3 c:\windows\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 10:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a c:\windows\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:49 824832 bc5119c53bdd48dabc628d448a3bdccb c:\windows\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 03:08 824832 4fc90bece54fac81b0090b94e27bfb6b c:\windows\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 13:58 826368 8e027981ddffa690d456fe18b37415a0 c:\windows\ie7updates\KB950759-IE7\wininet.dll
2008-04-23 05:16 826368 02d6aabd5f5a32c61478b5cdfe50e4a8 c:\windows\ie7updates\KB953838-IE7\wininet.dll
2008-06-23 17:28 826368 ac0bd61dc2c64906fbfe50e005fefa2c c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 09:11 826368 e30cacd98479b36a3dbfa3267bf62dd0 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2008-04-14 03:33 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ServicePackFiles\i386\wininet.dll
2008-10-16 21:18 826368 cfbfa47415e85018e2cdc509e5e3d011 c:\windows\system32\wininet.dll
2008-10-16 21:18 826368 cfbfa47415e85018e2cdc509e5e3d011 c:\windows\system32\dllcache\wininet.dll

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

2004-08-05 11:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

2004-08-05 11:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2004-08-05 11:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2008-08-14 17:26 2068096 755b50949d0dbc0f0136b0db58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2007-02-28 17:08 2019328 3e3df9f5d56b719f055e7d652e79f96b c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-14 03:07 2025984 92e82482cdb39929cf7b541a9648afae c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 14:23 2068096 8da71f1900721e1e4fcb5b02d55fb771 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-04-14 03:07 2067968 b71a8f101cefaf82fc5ec16130a54a3f c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-08-14 14:23 2025984 f2dec52ed964ad57220b1f5aa32b5c61 c:\windows\system32\ntkrnlpa.exe
2008-08-14 14:23 2068096 8da71f1900721e1e4fcb5b02d55fb771 c:\windows\system32\dllcache\ntkrnlpa.exe

2008-08-14 17:26 2191232 d79210549bbf09b7638e860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2007-02-28 17:08 2139648 de41f3b43b9f15e08ccd4b98a7bb2ca3 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-14 03:07 2147328 b10c36956eb7a8b1586dbe3b43875280 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 14:23 2191232 c8d4d5974f9671da0a37175650912960 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-04-14 03:08 2191104 099d639da1ef6968d4e41795bb507e6b c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-08-14 14:23 2147328 e422f0930804a5d6e697e5d7dbfd9863 c:\windows\system32\ntoskrnl.exe
2008-08-14 14:23 2191232 c8d4d5974f9671da0a37175650912960 c:\windows\system32\dllcache\ntoskrnl.exe

2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-05 11:00 108544 732e0b1abaace15d80ec19056b0a2af9 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 03:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 03:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

2004-08-05 11:00 13312 9f3744a5c6f49291a7a685040a013399 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 03:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 03:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

2004-08-05 11:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

2005-06-11 00:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 03:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 03:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

2004-08-05 11:00 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\userinit.exe

2004-08-05 11:00 297984 7d521b8cf926459e270d18c559323815 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 1077329]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-22 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"TPSMain"="TPSMain.exe" [2005-08-12 c:\windows\system32\TPSMain.exe]
"Zooming"="ZoomingHook.exe" [2005-06-06 c:\windows\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 c:\windows\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 c:\windows\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.DVSD"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 111184]
S3 InputPen;USB Input Pen;c:\windows\system32\drivers\InputPen2K.sys [2002-08-15 14365]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-02 20560]
S4 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-04-18 98816]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4129CF89-472A-4451-BF17-02080D0C7DF0} - c:\windows\system32\wvUmliIY.dll
BHO-{CDADEA8C-AD82-43F0-94B0-35EAFCC7E765} - c:\windows\system32\byXNeFvw.dll
HKLM-Run-ISUSPM Startup - c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Notify-fcccdEUM - fcccdEUM.dll
Notify-geBqOeFX - geBqOeFX.dll


.
------- Supplementary Scan -------
.
mStart Page = hxxp://home.sweetim.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 09:40:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ШЂ|яяяяЂ|щ9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-01-16 9:43:30
ComboFix-quarantined-files.txt 2009-01-16 08:43:28

Pre-Run: 31,022,309,376 octets libres
Post-Run: 31,009,333,248 octets libres

315 --- E O F --- 2008-12-17 22:07:00

#6 lamotia

lamotia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 17 January 2009 - 12:49 PM

Here is also the log from ComboFix-quarantined-files.txt. I thought you might want to see this:

1980-04-06 14:14:52 A------- 169,814 C:\Qoobox\Quarantine\C\WINDOWS\system32\wvFeNXyb.ini2.vir
1980-04-06 14:14:52 A------- 170,427 C:\Qoobox\Quarantine\C\WINDOWS\system32\wvFeNXyb.ini.vir
1980-04-07 08:12:19 A------- 39,568 C:\Qoobox\Quarantine\C\WINDOWS\BMbf57843d.txt.vir
1980-04-07 08:12:19 A------- 101,091 C:\Qoobox\Quarantine\C\WINDOWS\BMbf57843d.xml.vir
1980-04-07 08:12:36 A------- 706,171 C:\Qoobox\Quarantine\C\WINDOWS\system32\whbvqchp.ini.vir
2008-04-07 09:59:07 A------- 706,398 C:\Qoobox\Quarantine\C\WINDOWS\system32\owabkkwh.ini.vir
2008-04-07 20:15:50 A------- 720,467 C:\Qoobox\Quarantine\C\WINDOWS\system32\kxcjnggk.ini.vir
2008-04-08 07:41:29 A------- 731,324 C:\Qoobox\Quarantine\C\WINDOWS\system32\fypjlrer.ini.vir
2008-04-08 23:46:18 A------- 97 C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir
2008-04-09 09:05:06 A------- 171,037 C:\Qoobox\Quarantine\C\WINDOWS\system32\YIilmUvw.ini.vir
2008-04-09 09:05:06 A------- 171,037 C:\Qoobox\Quarantine\C\WINDOWS\system32\YIilmUvw.ini2.vir
2008-04-09 13:30:46 A------- 709,660 C:\Qoobox\Quarantine\C\WINDOWS\system32\tanapofb.ini.vir
2008-04-09 18:59:18 A------- 715,407 C:\Qoobox\Quarantine\C\WINDOWS\system32\nksukfqc.ini.vir
2008-04-09 22:53:11 A------- 715,587 C:\Qoobox\Quarantine\C\WINDOWS\system32\qevgyanv.ini.vir
2008-04-10 10:29:10 A------- 741,432 C:\Qoobox\Quarantine\C\WINDOWS\system32\bvkglljm.ini.vir
2008-04-11 15:43:12 A------- 850,060 C:\Qoobox\Quarantine\C\WINDOWS\system32\encixcto.ini.vir
2008-04-11 16:43:07 A------- 845,482 C:\Qoobox\Quarantine\C\WINDOWS\system32\udcvufih.ini.vir
2008-04-12 16:59:46 A------- 845,662 C:\Qoobox\Quarantine\C\WINDOWS\system32\vigeldbc.ini.vir
2008-04-13 00:29:12 A------- 845,842 C:\Qoobox\Quarantine\C\WINDOWS\system32\dcnevlga.ini.vir
2008-04-14 08:36:45 A------- 846,022 C:\Qoobox\Quarantine\C\WINDOWS\system32\qkgdywaw.ini.vir
2008-04-15 08:36:30 A------- 846,262 C:\Qoobox\Quarantine\C\WINDOWS\system32\umohgfyy.ini.vir
2008-04-16 18:51:40 A------- 844,462 C:\Qoobox\Quarantine\C\WINDOWS\system32\qlsjfjqp.ini.vir
2008-04-16 19:51:38 A------- 1,003,923 C:\Qoobox\Quarantine\C\WINDOWS\system32\lmkngysq.ini.vir
2009-01-15 20:27:28 A------- 486 C:\Qoobox\Quarantine\catchme.log
2009-01-16 01:41:39 A------- 7,553 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-01-16 09:41:36 A------- 374 C:\Qoobox\Quarantine\Registry_backups\BHO-{4129CF89-472A-4451-BF17-02080D0C7DF0}.reg.dat
2009-01-16 09:41:36 A------- 374 C:\Qoobox\Quarantine\Registry_backups\BHO-{CDADEA8C-AD82-43F0-94B0-35EAFCC7E765}.reg.dat
2009-01-16 09:41:39 A------- 164 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ISUSPM Startup.reg.dat
2009-01-16 09:41:51 A------- 498 C:\Qoobox\Quarantine\Registry_backups\Notify-fcccdEUM.reg.dat
2009-01-16 09:41:52 A------- 498 C:\Qoobox\Quarantine\Registry_backups\Notify-geBqOeFX.reg.dat

#7 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:50 AM

Posted 17 January 2009 - 06:38 PM

Hello Lamotia,

Your log looks fine now. :thumbsup:

Are you still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#8 lamotia

lamotia
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:50 AM

Posted 18 January 2009 - 05:25 AM

still experiencing the same stuff - all files are read only, Firefox and IE won't work even though I can ping sites from Run > CMD and Windows gives me blue screen on shut down. I scanned the machine with hijackthis again and the log it produced is the same one from my previous post. I'm thinking that each time I restart the PC Windows loads from a specific restore point. Should I try disabling the system restore feature and run ComboFix again? Here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14, on 2009-01-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tamara Saggini\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4129CF89-472A-4451-BF17-02080D0C7DF0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CDADEA8C-AD82-43F0-94B0-35EAFCC7E765} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader...ache=20071219-1
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fcccdEUM - C:\WINDOWS\
O20 - Winlogon Notify: geBqOeFX - C:\WINDOWS\
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 12450 bytes

#9 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:07:50 AM

Posted 18 January 2009 - 07:03 AM

Hello Lamotia,

DO NOT disable system restore !! If things go bad, it's better to have an infected restore point, than none at all. :thumbsup:

I assume you are working from an account that has administrator rights ?
Is the file system NTFS ? (Right click on your drive in my computer go to properties. It will say if file system is NTFS or FAT32)
using Windows Explorer, right click the C:-drive > Properties > Security > Permissions : check if you account name is listed and when selected, if all options are checked.

If all of that checks out OK, then run a drive check :
Click the "Tools" tab at the top of the Properties window,
In the "Error-checking" section, click the button "Check now".
Make sure the option "Automatically fix file system errors" is checked and click "Start".
Chkdsk cannot carry out repair functions if any of the files on a disk are locked or in use. So it generally requires a reboot to run a check on any active volume with files in use. Chkdsk then runs before the full system is loaded and files become locked.

After reboot, please run ComboFix again and post the fresh log in your next relpy.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users