Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected withe internet hijack virus, sorry I do not know which one


  • This topic is locked This topic is locked
9 replies to this topic

#1 wren73

wren73

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 05 October 2009 - 09:34 PM

I have virus/malware/spyware that hijacks internet pages, will not allow me to access spybot nor malware bytes.

DDS (Ver_09-09-29.01) - NTFSx86
Run by JeSsIcA at 20:36:03.57 on Mon 10/05/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myway.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [<NO NAME>]
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinLoad] c:\windows\system32\Winload.exe
mRun: [Winload32] c:\windows\system32\explorer32\winload32.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
TCP: NameServer = 85.255.112.130,85.255.112.184
TCP: {7AA11EDD-2239-4D6F-B487-4C53D27F9F92} = 85.255.112.130,85.255.112.184
TCP: {BC1BE880-0254-4D7B-AB57-EF46FFCD1EFC} = 85.255.112.130,85.255.112.184
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jessica\applic~1\mozilla\firefox\profiles\23xh0zb2.default\
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-05 20:04 <DIR> --d----- c:\program files\Trend Micro
2009-09-06 13:38 <DIR> --d----- c:\windows\system32\scripting
2009-09-06 13:38 <DIR> --d----- c:\windows\system32\en
2009-09-06 13:38 <DIR> --d----- c:\windows\system32\bits
2009-09-06 13:38 <DIR> --d----- c:\windows\l2schemas
2009-09-06 13:36 <DIR> --d----- c:\windows\ServicePackFiles
2009-09-06 13:33 <DIR> --d----- c:\windows\network diagnostic
2009-09-06 13:28 <DIR> --d----- c:\windows\EHome

==================== Find3M ====================

2009-09-06 13:41 77,607 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-15 09:47 3,698 a------- c:\docume~1\jessica\applic~1\wklnhst.dat
2007-09-29 15:24 2,482 a------- c:\program files\common files\temp.html
2007-09-27 20:05 546 a------- c:\program files\common files\tempeml.html
2006-05-31 09:14 108,056 a------- c:\program files\common files\secman.dll
2006-03-11 19:09 626,176 a------- c:\program files\common files\osmax.ocx
2003-11-02 23:52 301,321 a------- c:\documents and settings\all users\Office 2003 Editions 60 Day Trial.exe

============= FINISH: 20:36:40.14 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:14 PM

Posted 23 October 2009 - 07:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 wren73

wren73
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 01 November 2009 - 02:14 AM

I just appreciate any help you can give me! Here is the 2nd dds with attachment.

DDS (Ver_09-09-29.01) - NTFSx86
Run by JeSsIcA at 1:17:06.10 on Sun 11/01/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myway.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [<NO NAME>]
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [WinLoad] c:\windows\system32\Winload.exe
mRun: [Winload32] c:\windows\system32\explorer32\winload32.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
TCP: NameServer = 85.255.112.130,85.255.112.184
TCP: {7AA11EDD-2239-4D6F-B487-4C53D27F9F92} = 85.255.112.130,85.255.112.184
TCP: {BC1BE880-0254-4D7B-AB57-EF46FFCD1EFC} = 85.255.112.130,85.255.112.184
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jessica\applic~1\mozilla\firefox\profiles\23xh0zb2.default\
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-05 21:36 <DIR> --d----- c:\program files\iTunes
2009-10-05 21:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-05 21:35 <DIR> --d----- c:\program files\Bonjour
2009-10-05 21:32 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-10-05 21:32 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-10-05 20:04 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-09-06 13:41 77,607 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-15 09:47 3,698 a------- c:\docume~1\jessica\applic~1\wklnhst.dat
2007-09-29 15:24 2,482 a------- c:\program files\common files\temp.html
2007-09-27 20:05 546 a------- c:\program files\common files\tempeml.html
2006-05-31 09:14 108,056 a------- c:\program files\common files\secman.dll
2006-03-11 19:09 626,176 a------- c:\program files\common files\osmax.ocx
2003-11-02 23:52 301,321 a------- c:\documents and settings\all users\Office 2003 Editions 60 Day Trial.exe

============= FINISH: 1:17:51.23 ===============

Attached Files



#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:14 PM

Posted 01 November 2009 - 03:11 AM

Hi wren73,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.



Step1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Step2

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.or you can find from here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


Step3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:


1.GMER log
2.MBAM log
3.RSIT log.txt and info.txt. Thanks.

#5 wren73

wren73
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 01 November 2009 - 10:26 PM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-01 20:25:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JeSsIcA\LOCALS~1\Temp\uxldrpob.sys


---- System - GMER 1.0.15 ----

Code 84C98120 ZwEnumerateKey
Code 84CA5120 ZwFlushInstructionCache
Code 84C73526 IofCallDriver
Code 84EBC07E IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs NaiFiltr.sys

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs EF9DA400

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxhrfnrvrvxewqsainqodrubrrfwaiypbi.sys (*** hidden *** ) F24B2000-F24C7000 (86016 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxhrfnrvrvxewqsainqodrubrrfwaiypbi.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxhrfnrvrvxewqsainqodrubrrfwaiypbi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxhrfnrvrvxewqsainqodrubrrfwaiypbi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtexmqlrdhytbwmcdjomuwyalyxxkqaqb.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxhrfnrvrvxewqsainqodrubrrfwaiypbi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxhrfnrvrvxewqsainqodrubrrfwaiypbi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtexmqlrdhytbwmcdjomuwyalyxxkqaqb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxhrfnrvrvxewqsainqodrubrrfwaiypbi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxhrfnrvrvxewqsainqodrubrrfwaiypbi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtexmqlrdhytbwmcdjomuwyalyxxkqaqb.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{8625F89A-CB4E-2097-FF6E-429168EE6358}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{8625F89A-CB4E-2097-FF6E-429168EE6358}\InProcServer32@jagkcbjlglmoklgdmahh 0x6B 0x61 0x65 0x6E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{8625F89A-CB4E-2097-FF6E-429168EE6358}\InProcServer32@iagkiadlkemfoiiljk 0x6A 0x61 0x65 0x6E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{8625F89A-CB4E-2097-FF6E-429168EE6358}\InProcServer32@ebgkcbjlglmoklgdmahhihniojmmhielofnkbjojof 0x6B 0x61 0x66 0x6E ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\cal33 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar1.psf 377156 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar10.psf 295764 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar11.psf 396300 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar12.psf 416764 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar2.psf 392316 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar3.psf 365348 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar4.psf 375644 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar5.psf 339484 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar6.psf 333492 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar7.psf 352844 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar8.psf 347932 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\Calendar\Yearly\cal6\Calendar9.psf 389668 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal100 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal101 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal102 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal103 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal104 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal105 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal106 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal107 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal108 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\cal109 0 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar100.psf 349284 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar101.psf 507556 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar102.psf 385592 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar103.psf 235104 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar104.psf 490696 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar105.psf 270496 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar106.psf 229116 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar107.psf 472468 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar108.psf 124160 bytes
File C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Contents\Project\PhotoBook\Land\Theme\Occasions\Calendar109.psf 193876 bytes

---- EOF - GMER 1.0.15 ----

Will not let me download Malwarebytes' Anti-Malware






Logfile of random's system information tool 1.06 (written by random/random)
Run by JeSsIcA at 2009-11-01 20:32:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 45 GB (59%) free of 76 GB
Total RAM: 446 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:40 PM, on 11/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\explorer32\winsysmngr32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\explorer32\svchost.exe
C:\WINDOWS\system32\explorer32\msSecurity.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JeSsIcA\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\JeSsIcA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [WinLoad] C:\WINDOWS\system32\Winload.exe
O4 - HKLM\..\Run: [Winload32] C:\WINDOWS\system32\explorer32\winload32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AA11EDD-2239-4D6F-B487-4C53D27F9F92}: NameServer = 85.255.112.130,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC1BE880-0254-4D7B-AB57-EF46FFCD1EFC}: NameServer = 85.255.112.130,85.255.112.184
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.130,85.255.112.184
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.130,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.130,85.255.112.184
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 9844 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2003-08-18 114743]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2005-08-05 28672]
"TFncKy"=TFncKy.exe []
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-07-05 344064]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-04-12 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-12 88358]
"NDSTray.exe"=NDSTray.exe []
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-04-05 73728]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-06-30 671744]
""= []
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]
"ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-06-08 53248]
"VSOCheckTask"=c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [2004-07-01 139264]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"VirusScan Online"=c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe [2004-08-17 180224]
"Notebook Maximizer"=C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672]
"gcasServ"=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [2005-11-15 473928]
"CFSServ.exe"=CFSServ.exe -NoClient []
"WinLoad"=C:\WINDOWS\system32\Winload.exe []
"Winload32"=C:\WINDOWS\system32\explorer32\winload32.exe [2007-05-10 61440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-07-05 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-11-15 101080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1135548249\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1135548249\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1135548249\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1135548249\ee\aim6.exe:*:Enabled:AIM"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\1135969919\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1135969919\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1135969919\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1135969919\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48daddd8-cb85-11dd-9e19-0011f58df42d}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84cab10-7870-11dd-9e10-0011f58df42d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-5-92-100014364-100016179-100027105-1408.com e:\
shell\Open\command - RECYCLER\S-8-5-92-100014364-100016179-100027105-1408.com e:\


======List of files/folders created in the last 1 months======

2009-11-01 20:32:30 ----D---- C:\rsit
2009-10-06 02:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-06 02:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-06 02:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-06 02:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-10-05 20:36:52 ----D---- C:\Program Files\iTunes
2009-10-05 20:36:52 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-05 20:35:53 ----D---- C:\Program Files\Bonjour
2009-10-05 20:35:08 ----D---- C:\Program Files\QuickTime
2009-10-05 20:33:33 ----D---- C:\Program Files\Apple Software Update
2009-10-05 20:32:46 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-10-05 19:24:23 ----A---- C:\RootRepeal report 10-05-09 (20-24-23).txt
2009-10-05 19:04:17 ----D---- C:\Program Files\Trend Micro
2009-10-05 18:49:03 ----D---- C:\Documents and Settings\JeSsIcA\Application Data\Mozilla
2009-10-05 18:48:39 ----D---- C:\Program Files\Mozilla Firefox
2009-10-05 18:35:52 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-11-01 20:32:09 ----D---- C:\Program Files\Microsoft AntiSpyware
2009-11-01 20:32:01 ----D---- C:\WINDOWS\system32\explorer32
2009-11-01 00:19:25 ----D---- C:\WINDOWS\Temp
2009-11-01 00:18:01 ----D---- C:\WINDOWS\Prefetch
2009-10-15 19:31:41 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-10-11 20:51:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-11 18:21:02 ----RD---- C:\Program Files
2009-10-11 18:20:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-07 21:44:03 ----D---- C:\WINDOWS
2009-10-06 02:07:06 ----HD---- C:\Config.Msi
2009-10-06 02:07:06 ----D---- C:\WINDOWS\system32
2009-10-06 02:00:46 ----HD---- C:\WINDOWS\inf
2009-10-06 02:00:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-06 02:00:41 ----A---- C:\WINDOWS\imsins.BAK
2009-10-06 02:00:39 ----D---- C:\WINDOWS\WinSxS
2009-10-06 02:00:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-05 20:50:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-05 20:40:39 ----D---- C:\Documents and Settings\JeSsIcA\Application Data\Apple Computer
2009-10-05 20:38:20 ----SHD---- C:\WINDOWS\Installer
2009-10-05 20:37:44 ----D---- C:\WINDOWS\system32\drivers
2009-10-05 20:37:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-05 20:37:06 ----D---- C:\Program Files\iPod
2009-10-05 20:37:06 ----D---- C:\Program Files\Common Files\Apple
2009-10-05 20:33:39 ----SD---- C:\WINDOWS\Tasks
2009-10-05 20:32:58 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-10-05 18:49:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-05 18:42:19 ----D---- C:\Program Files\Norton Security Scan
2009-10-05 18:36:14 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-06-03 9600]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-08-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-09-22 15890]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-12 1066278]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-05 1245696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-04-15 29056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 uxldrpob;uxldrpob; \??\C:\DOCUME~1\JeSsIcA\LOCALS~1\Temp\uxldrpob.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-12-22 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-05 376832]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2004-08-26 122880]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-06-23 40960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.06 2009-11-01 20:32:42

======Uninstall list======

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9
Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\Setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
Game Maker 7.0-->E:\Uninstal.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP PSC & Officejet 4.7 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzscr01.exe" -datfile hposcr05.dat
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
LimeWire 4.10.0-->"C:\Program Files\LimeWire\uninstall.exe"
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft AntiSpyware-->MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton Security Scan-->MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
Notebook Maximizer-->C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini"
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
sat_screensaver_30mb-->C:\WINDOWS\sat_screensaver_30mb.scr /U
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Supple (remove only)-->"C:\Program Files\iWin.com\Supple\Uninstall.exe"
TOSHIBA Accessibility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5BCA8D15-BCB6-421E-9654-238B43456A4F} /l1033
TOSHIBA Fn-esse-->C:\WINDOWS\UnInst32.exe Fn-esse.UNI
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1033
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE} /l1033
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{02EED746-8C5A-43C8-BB3D-D29C8B363A4D} /l1033
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1033
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{5ABB5D02-BBAA-41D4-BDED-A52DB89A2D2F}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: McAfee VirusScan (outdated)

======System event log======

Computer Name: JESSICASPOOTER
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0011F58DF42D. The following error
occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 34814
Source Name: Dhcp
Time Written: 20090120082621.000000-360
Event Type: error
User:

Computer Name: JESSICASPOOTER
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0011F58DF42D. The following error
occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 34809
Source Name: Dhcp
Time Written: 20090120082209.000000-360
Event Type: error
User:

Computer Name: JESSICASPOOTER
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0011F58DF42D. The following error
occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 34798
Source Name: Dhcp
Time Written: 20090120080155.000000-360
Event Type: error
User:

Computer Name: JESSICASPOOTER
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0011F58DF42D. The IP address being used is 169.254.117.199.

Record Number: 34795
Source Name: Dhcp
Time Written: 20090120075808.000000-360
Event Type: warning
User:

Computer Name: JESSICASPOOTER
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0011F58DF42D. The IP address being used is 169.254.117.199.

Record Number: 34792
Source Name: Dhcp
Time Written: 20090120075051.000000-360
Event Type: warning
User:

=====Application event log=====

Computer Name: JESSICASPOOTER
Event Code: 5028
Message: VirusScan McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\TFSWIFS

Process = tfswctrl.exe


Record Number: 3982
Source Name: McLogEvent
Time Written: 20080312161427.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JESSICASPOOTER
Event Code: 5028
Message: VirusScan McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\TFSWIFS

Process = tfswctrl.exe


Record Number: 3979
Source Name: McLogEvent
Time Written: 20080312153849.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JESSICASPOOTER
Event Code: 5028
Message: VirusScan McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\TFSWIFS

Process = tfswctrl.exe


Record Number: 3964
Source Name: McLogEvent
Time Written: 20080311233152.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JESSICASPOOTER
Event Code: 1517
Message: Windows saved user JESSICASPOOTER\JeSsIcA registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 3961
Source Name: Userenv
Time Written: 20080311233027.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JESSICASPOOTER
Event Code: 5028
Message: VirusScan McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\TFSWIFS

Process = IEXPLORE.EXE


Record Number: 3958
Source Name: McLogEvent
Time Written: 20080311191856.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 wren73

wren73
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 01 November 2009 - 10:29 PM

Thank you for the help sundavis. This stupid virus/trojan w/e the crap it is will not let me run malwarebytes or s & d. LOL any suggestions?

#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:14 PM

Posted 02 November 2009 - 03:08 AM

Hi wren73,


Will not let me download Malwarebytes' Anti-Malware

Yes, you have rootkit on board. After running ComboFix, you can download and run it.

Step1

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please rename ComboFix.exe to wren.exe before saving it to your dedktop.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time. Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1.Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2.Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1.Combofix log
2.MBAM.log

Edited by sundavis, 02 November 2009 - 03:11 AM.


#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:14 PM

Posted 06 November 2009 - 10:20 PM

Due to Lack of feedback, this topic is now Closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:14 PM

Posted 07 November 2009 - 10:03 PM

Reopen as op requested.

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:14 PM

Posted 16 November 2009 - 10:34 PM

Since this issue appears resolved ... this Topic is closed.

Glad we could help.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users