
Infected with a DNS Changer Trojan

  • This topic is locked
5 replies to this topic

#1 nosone


  • Members
  • 3 posts
  • Local time:11:19 AM

Posted 25 February 2009 - 06:23 PM

Hi, I've recently been unable to update the definitions for any of my anti-malware programs, including McAfee VirusScan Enterprise, SuperAntiSpyware, MBAM, Ad-Aware, and Windows Defender. I've run these programs as-is in both normal startup and in safe mode; each time, it seems new infections are found (although the number has decreased since I began running SAS and MBAM).

Both MBAM and SAS report DNS changers, the symptoms of which include random popups in both IE and Firefox, Vimax banners on almost every page, the inability to update definitions (as above), and (although this no longer seems to occur) infrequent redirection in web browsing.

I'm not all too tech savvy, so any help would be much appreciated. Below is my HijackThis log. Thanks in advance!

DDS (Ver_09-02-01.01) - NTFSx86
Run by KO at 18:08:35.73 on Wed 02/25/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2941.1709 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Toshiba\TRCMan\TRCMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://qscan.bitdefender.com/cab/ActiveQscan.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ko\appdata\roaming\mozilla\firefox\profiles\hp4rlksl.default\
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-22 64160]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-6-13 20352]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-6-13 937984]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-12-16 36928]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-02-25 17:58 <DIR> --d----- c:\program files\Trend Micro
2009-02-25 11:22 <DIR> --d----- c:\users\ko\appdata\roaming\Malwarebytes
2009-02-25 11:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-25 11:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 11:22 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-25 11:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 11:22 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-24 15:51 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-02-24 15:51 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-02-24 15:51 <DIR> --d----- c:\users\ko\appdata\roaming\SUPERAntiSpyware.com
2009-02-24 15:51 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-24 15:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-22 23:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-22 22:38 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-22 22:37 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-22 22:37 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-22 22:37 <DIR> --d----- c:\programdata\Lavasoft
2009-02-22 22:37 <DIR> --d----- c:\program files\Lavasoft
2009-02-11 20:56 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 20:56 1,383,424 a------- c:\windows\system32\mshtml.tlb

==================== Find3M ====================

2008-12-27 19:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-12-27 19:08 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-27 19:08 51,200 a------- c:\windows\inf\infpub.dat
2008-12-27 19:08 86,016 a------- c:\windows\inf\infstor.dat
2008-12-09 23:53 148,942 a------- c:\windows\hpoins19.dat
2008-11-09 21:46 114,568 a------- c:\users\ko\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-07-09 20:44 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:09:08.67 ===============



#2 suebaby41


    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:19 AM

Posted 11 March 2009 - 09:02 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments, so I always request that HijackThis logs be posted as a reply to the thread. I do not think that you are attaching anything scary, but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 nosone

  • Topic Starter

  • Members
  • 3 posts
  • Local time:11:19 AM

Posted 11 March 2009 - 01:50 PM

Here are the contents of the new .txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by KO at 2009-03-11 14:46:38
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 119 GB (63%) free of 189 GB
Total RAM: 2941 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:49 PM, on 3/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Toshiba\TRCMan\TRCMan.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\KO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TRCMan] C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - http://qscan.bitdefender.com/cab/ActiveQscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

End of file - 8401 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2008-01-24 66880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-06 35840]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]
"TRCMan"=C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe [2008-01-11 692224]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-11-01 54608]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-06-16 448080]
"jswtrayutil"=C:\Program Files\Jumpstart\jswtrayutil.exe []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"NDSTray.exe"=NDSTray.exe []
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2008-03-14 136512]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-08 515416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-06 148888]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-06 1830128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-01-22 712704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe [2008-02-14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [2007-12-13 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]


"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"


shell\AutoRun\command - E:\Counter-Strike.Source.S@jmoN.v01.06.2oo8.exe

======List of files/folders created in the last 1 months======

2009-03-11 14:46:38 ----D---- C:\rsit
2009-03-11 04:33:46 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 04:33:44 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 04:33:43 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 04:33:42 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 04:33:32 ----A---- C:\Windows\system32\schannel.dll
2009-03-06 23:22:37 ----A---- C:\Windows\system32\javaws.exe
2009-03-06 23:22:37 ----A---- C:\Windows\system32\javaw.exe
2009-03-06 23:22:37 ----A---- C:\Windows\system32\java.exe
2009-03-05 19:03:56 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-05 19:03:53 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-05 19:03:48 ----A---- C:\Windows\system32\icardagt.exe
2009-03-05 19:03:47 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-03-05 19:03:47 ----A---- C:\Windows\system32\icardres.dll
2009-03-05 19:03:42 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-03-05 19:03:30 ----A---- C:\Windows\system32\PresentationHost.exe
2009-03-05 18:46:22 ----A---- C:\Windows\system32\dfshim.dll
2009-03-05 18:46:03 ----A---- C:\Windows\system32\mscoree.dll
2009-03-05 18:45:57 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-05 18:44:47 ----A---- C:\Windows\system32\mscorier.dll
2009-03-05 18:44:24 ----A---- C:\Windows\system32\mscories.dll
2009-02-26 19:34:43 ----A---- C:\Windows\system32\EncDec.dll
2009-02-26 19:34:38 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-25 18:58:42 ----D---- C:\Program Files\Trend Micro
2009-02-25 12:22:54 ----D---- C:\Users\KO\AppData\Roaming\Malwarebytes
2009-02-25 12:22:49 ----D---- C:\ProgramData\Malwarebytes
2009-02-25 12:22:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-24 16:51:26 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-02-24 16:51:22 ----D---- C:\Users\KO\AppData\Roaming\SUPERAntiSpyware.com
2009-02-24 16:51:22 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-24 16:50:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-23 00:21:37 ----A---- C:\Windows\system32\lsdelete.exe
2009-02-22 23:38:04 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-22 23:37:49 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-22 23:37:36 ----D---- C:\ProgramData\Lavasoft
2009-02-22 23:37:36 ----D---- C:\Program Files\Lavasoft
2009-02-14 12:14:36 ----D---- C:\RECYCLER

======List of files/folders modified in the last 1 months======

2009-03-11 14:46:49 ----D---- C:\Windows\Prefetch
2009-03-11 14:46:41 ----D---- C:\Windows\Temp
2009-03-11 14:43:57 ----D---- C:\Program Files\Mozilla Firefox
2009-03-11 08:19:57 ----D---- C:\Windows\winsxs
2009-03-11 08:14:30 ----D---- C:\Windows\inf
2009-03-11 08:14:30 ----AD---- C:\Windows\System32
2009-03-11 08:14:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-11 08:09:49 ----D---- C:\Windows\system32\catroot
2009-03-11 08:06:19 ----D---- C:\Program Files\Windows Media Player
2009-03-11 08:06:17 ----D---- C:\Program Files\Windows Mail
2009-03-11 08:00:28 ----SHD---- C:\System Volume Information
2009-03-11 04:32:55 ----D---- C:\Windows\system32\catroot2
2009-03-08 22:50:47 ----D---- C:\Windows\system32\drivers
2009-03-06 23:23:11 ----SHD---- C:\Windows\Installer
2009-03-06 23:23:09 ----HD---- C:\Config.Msi
2009-03-06 23:21:57 ----A---- C:\Windows\system32\deploytk.dll
2009-03-06 23:21:49 ----D---- C:\Program Files\Java
2009-03-06 02:06:15 ----D---- C:\Windows\rescache
2009-03-06 01:59:59 ----D---- C:\Windows\Microsoft.NET
2009-03-06 01:59:44 ----RSD---- C:\Windows\assembly
2009-03-06 01:47:54 ----D---- C:\Windows\system32\XPSViewer
2009-03-06 01:47:54 ----D---- C:\Windows\system32\wbem
2009-03-06 01:47:54 ----D---- C:\Windows\system32\en-US
2009-03-06 01:40:44 ----D---- C:\Quarantine
2009-02-27 09:06:10 ----D---- C:\Windows\ehome
2009-02-26 16:20:48 ----D---- C:\Program Files
2009-02-25 18:47:39 ----SD---- C:\Windows\Downloaded Program Files
2009-02-25 18:22:32 ----A---- C:\Windows\ntbtlog.txt
2009-02-25 12:22:49 ----HD---- C:\ProgramData
2009-02-24 16:50:58 ----D---- C:\Program Files\Common Files
2009-02-23 01:24:11 ----D---- C:\Users\KO\AppData\Roaming\.purple
2009-02-22 23:38:19 ----D---- C:\Windows\system32\Tasks
2009-02-22 23:38:15 ----D---- C:\Windows\Tasks
2009-02-22 23:03:46 ----SD---- C:\Users\KO\AppData\Roaming\Microsoft
2009-02-22 23:03:24 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 23:03:14 ----D---- C:\ProgramData\eBay
2009-02-21 10:21:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-02-14 15:22:19 ----D---- C:\Users\KO\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [2008-01-24 31816]
R1 mfetdik;McAfee Inc.; C:\Windows\system32\drivers\mfetdik.sys [2008-01-24 52104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-01-25 764416]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 2929664]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
R3 mfeapfk;McAfee Inc.; C:\Windows\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\Windows\system32\drivers\mfebopk.sys [2008-01-24 33960]
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2008-01-24 171400]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-28 104448]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-05-29 27672]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IO_Memory;IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PsSdk41;PsSdk41; \??\C:\Windows\system32\Drivers\pssdk41.sys [2008-12-16 36928]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys []
S3 SVRPEDRV;SVRPEDRV; \??\C:\Windows\System32\sysprep\UP_date\PEDrv.sys []
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-20 521216]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-11-09 219264]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-11-09 211072]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-28 610304]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-03-14 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-01-24 54608]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2007-10-23 66928]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
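
The driver and service lists above follow a fixed DDS line format ("R1 name;description; path [YYYY-MM-DD size]"), and a helper reviewing such a log usually scans for the same few things: entries whose file has no recorded timestamp/size (the bare `[]` at the end of IO_Memory, RTHDMIAzAudService, SVRPEDRV and CLTNetCnService), services hosted in svchost.exe (where the line does not name the DLL that actually runs), and binaries living somewhere a driver or service has no business being. The following parser and triage routine is an added example written for this page; it is not part of DDS, ComboFix or the thread. The sample lines are copied from the log above plus one constructed entry (`updsvc`) included only so the profile-directory check has something to flag; the reading of `[]` as "file not found on disk" is an assumption, not documented DDS behaviour.

```python
"""Triage helper for the driver/service sections of a DDS log.

Added example, not part of the thread or of the DDS tool. It parses lines of
the form "R1 name;description; path [YYYY-MM-DD size]" and lists the entries
a malware-removal helper would look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# State/start code, name, description, command, optional "[date size]" block.
_LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<cmd>.*?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)
# Split "C:\path\to\file.exe /h ccCommon" into the binary and its arguments.
_BIN_RE = re.compile(
    r"^(?P<bin>.+?\.(?:exe|sys|dll))(?:\s+(?P<args>.*))?$", re.IGNORECASE
)

# Where a legitimately installed driver or service binary normally lives.
_EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files", "c:\\toshiba\\")
# User-writable locations that are unusual for a service binary.
_SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")


@dataclass
class Entry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    description: str
    binary: str
    args: Optional[str]
    date: Optional[str]
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS driver/service line; return None for anything else."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    if cmd.startswith("\\??\\"):      # NT object-manager prefix; drop for path checks
        cmd = cmd[4:]
    b = _BIN_RE.match(cmd)
    binary, args = (b.group("bin"), b.group("args")) if b else (cmd, None)
    return Entry(
        state=m.group("state"), start=int(m.group("start")),
        name=m.group("name"), description=m.group("desc"),
        binary=binary, args=args, date=m.group("date"),
        size=int(m.group("size")) if m.group("size") else None,
    )


def triage(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    low = entry.binary.lower()
    if entry.date is None:
        # DDS printed "[]": no timestamp/size recorded for the file.
        # ASSUMPTION: this usually means the file was not found on disk
        # (a leftover registration), so confirm rather than act on it.
        reasons.append("no file metadata recorded (file missing?)")
    if low.endswith("\\svchost.exe"):
        # The real code is the DLL named by the service's ServiceDll registry
        # value; the log line alone does not identify it.
        reasons.append("hosted in svchost.exe; check the ServiceDll value")
    if any(s in low for s in _SUSPECT_DIRS):
        reasons.append("binary located under a user-writable profile directory")
    elif not low.startswith(_EXPECTED_DIRS):
        reasons.append("binary outside the usual install directories")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons for every flagged line in a DDS list."""
    flagged = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None and (reasons := triage(e)):
            flagged[e.name] = reasons
    return flagged


# Lines copied from this thread's log, plus one CONSTRUCTED entry (updsvc)
# that exists only to exercise the profile-directory check.
SAMPLE = r"""
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [2008-01-24 31816]
S3 IO_Memory;IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys []
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
R2 updsvc;Update Service; C:\Users\KO\AppData\Local\Temp\updsvc.exe [2009-02-25 45056]
"""

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run on the full log, the script leaves the McAfee, SUPERAntiSpyware and vendor drivers alone and surfaces only the handful of entries a helper would confirm by hand; a flagged line is a prompt to check the file on disk or the ServiceDll value, not a verdict.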


#4 nosone

  • Topic Starter

  • Members
  • 3 posts
  • Local time:11:19 AM

Posted 11 March 2009 - 01:53 PM

As a point of note, the symptoms seem to have been subdued since the last posting; however, I still can't update some files for Windows Defender, if that makes any difference.

#5 suebaby41


    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:19 AM

Posted 14 March 2009 - 11:01 AM

  • If you are running Kaspersky antivirus, it may give you warnings about combofix.exe and catchme.exe being infected as Heur.Invader. These are false positives. Tell Kaspersky to Skip or Ignore these and let ComboFix run. McAfee may also interfere with ComboFix.
  • If you are using Online Armor's Firewall, you will have to uninstall it in order for ComboFix to work properly.
Please download ComboFix.
Alternate Link 1
Alternate Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
  • Double click on ComboFix and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware.
    Click 'No' to exit.

  • Click Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  • ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
  • ComboFix disconnects your machine from the Internet. The connection is automatically restored before ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please post:
  • C:\ComboFix.txt (the log from ComboFix)
  • a new HijackThis log

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 suebaby41


    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:19 AM

Posted 24 March 2009 - 07:02 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
