
Solved C:\windows\system32\drivers\spools.exe

Discussion in 'Malware and Virus Removal Archive' started by matthewgz1985, 2008/04/06.

  1. 2008/04/06
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
    [Resolved] C:\windows\system32\drivers\spools.exe

    Every time I try to run a program, a black window pops up entitled "C:\windows\system32\drivers\spools.exe". Then another window pops up entitled "16 bit MS-DOS Subsystem". It says:
    C:\WINDOWS\system32\drivers\spools.exe
    The NTVDM CPU has encountered an illegal instruction.
    CS:0dcd IP:010b OP:c6 5e 0f da 68 choose 'close' to terminate the application.

    and it gives me a choice to 'close' or 'ignore'. It doesn't really matter what I choose; they're both dead ends. I've been told I have a trojan virus. Can anybody help me out?
    :D
     
    Last edited: 2008/04/06
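    The symptom described above (every program launch opens a spools.exe window) is what a hijacked .exe file association produces: on Windows, HKCR\exefile\shell\open\command normally holds only `"%1" %*`, so anything placed in front of it runs before each program the user starts. The DSS log posted later in this thread shows exactly that (`.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*`), the same file in the Run keys of every hive and as the binary behind the Task Scheduler service, and a `cftmon.exe` sitting in the profile root. The Python below is an added example, not code from the thread, from HijackThis or from DSS: a triage pass over HijackThis-style log lines that flags a non-default .exe association, autorun or service binaries launched from folders where programs do not belong, and filenames one edit away from a Windows binary (spools.exe vs spoolsv.exe, cftmon.exe vs ctfmon.exe). The sample lines are constructed to resemble the posted log, the user folder name is a placeholder, and the known-name list and folder list are assumptions chosen for the example.

```python
"""Added example (not code from the thread, HijackThis or DSS): a triage pass
over HijackThis-style log lines.  Sample lines are constructed to resemble the
log posted in this thread; the user folder name is a placeholder."""

import re
from dataclasses import dataclass
from typing import List, Optional

# Clean value of HKCR\exefile\shell\open\command: the launched program and its
# arguments, with nothing interposed in front of them.
CLEAN_EXE_COMMAND = '"%1" %*'

# Windows binaries whose names malware commonly imitates (assumed list).
KNOWN_SYSTEM_NAMES = {
    "spoolsv.exe", "ctfmon.exe", "svchost.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "explorer.exe", "smss.exe", "csrss.exe",
}

# Lower-case folder fragments from which an autorun or service binary is not
# expected: the drivers folder holds .sys files, not programs (assumed list).
SUSPICIOUS_PATH_PARTS = ("\\system32\\drivers\\", "\\temp\\",
                         "\\temporary internet files\\")

_ASSOC_RE = re.compile(r"^\.exe - exefile - shell\\open\\command - (?P<cmd>.+)$")
_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?:Run|RunOnce|RunOnceEx)"
                     r": \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_SVC_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")

# Constructed sample, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\user\cftmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*
"""


@dataclass
class Finding:
    line: str
    reason: str


def executable_of(cmd: str) -> str:
    """Return the program path from an autorun/service command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).strip()
    # Unquoted paths may contain spaces (Documents and Settings), so cut at
    # the first ".exe" rather than at the first space.
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ")[0]


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def lookalike_of(filename: str) -> Optional[str]:
    """Known system binary that filename imitates (one edit or swap away)."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_NAMES:
        return None
    for known in sorted(KNOWN_SYSTEM_NAMES):
        if osa_distance(name, known) == 1:
            return known
    return None


def suspicious_location(path: str) -> Optional[str]:
    """Folder fragment that makes this program location suspicious, if any."""
    low = path.lower()
    for part in SUSPICIOUS_PATH_PARTS:
        if part in low:
            return part
    # A program sitting directly in a user's profile root.
    if re.match(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", low):
        return "\\documents and settings\\<user>\\"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis-style lines and return one Finding per red flag."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ASSOC_RE.match(line)
        if m:
            if m.group("cmd").strip() != CLEAN_EXE_COMMAND:
                findings.append(Finding(line, "exe association hijacked: every program "
                                        "launch first runs " + executable_of(m.group("cmd"))))
            continue
        m = _RUN_RE.match(line) or _SVC_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        filename = exe.rsplit("\\", 1)[-1]
        where = suspicious_location(exe)
        if where:
            findings.append(Finding(line, f"{filename} runs from {where}"))
        twin = lookalike_of(filename)
        if twin:
            findings.append(Finding(line, f"{filename} imitates the system binary {twin}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

    On the constructed sample the pass reports seven findings: two each for the spools.exe Run entry, the cftmon.exe Run entry and the Task Scheduler service (bad folder plus lookalike name), and one for the .exe association. The lookalike check uses an edit distance that counts an adjacent swap as one edit, which is what catches cftmon.exe against ctfmon.exe; plain Levenshtein would score that as two.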
  2. 2008/04/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please read this topic, install the latest version of HijackThis, run a scan and save the log (you can close it for now). Then download and run Deckard's System Scanner and post BOTH the main.txt and extra.txt logs. You may be required to put them in separate posts due to character count limitations.
     


  4. 2008/04/06
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
    First off, my apologies for starting another post on another forum for the same problem. I'm new to this site and I don't want to break any rules or try to "get ahead of the line", so to speak.

    I downloaded HijackThis and Deckard's System Scanner. I go to Start > Run and enter C:\programfiles\hjtinstall.exe. I press Run and the spools.exe black window comes up again, all while in safe mode.
     
  5. 2008/04/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Is someone already helping you at the other forum? Got a link?

    C:\programfiles\hjtinstall.exe will not work; that is not the correct command format for the location shown. If you used the HijackThis installer, there should be an entry on the Start > All Programs list from which you can run it. If you downloaded the standalone exe file and saved it to the Program Files folder, you should first put it in its own folder (name it HJT or something), then browse to it via My Computer to run it.
     
  6. 2008/04/06
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
  7. 2008/04/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ComboFix by sUBs from here, saving the file to your desktop.

    Please disable realtime protection applications, as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  8. 2008/04/06
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Run by Matthew D. Gramenz on 2008-04-06 02:00:42
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    44: 2008-04-06 09:00:49 UTC - RP389 - Deckard's System Scanner Restore Point
    43: 2008-04-04 20:00:18 UTC - RP388 - Software Distribution Service 3.0
    42: 2008-04-04 19:40:10 UTC - RP387 - Software Distribution Service 3.0
    41: 2008-04-04 08:24:28 UTC - RP386 - Software Distribution Service 3.0
    40: 2008-04-03 07:47:13 UTC - RP385 - Removed Norton Security Scan


    -- First Restore Point --
    1: 2008-02-14 11:32:49 UTC - RP346 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-06 02:03:56
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace-start.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
    O2 - BHO: (no name) - {9940A84F-71CE-4F1F-9293-A811E59947D5} - C:\WINDOWS\system32\camoc.dll
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Freeze.com Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\Freeze.com Toolbar\freeze_int.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
    O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmrotate.dll" DllVerify
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe
    O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\Content.IE5\WH6FW1QZ\install_sbd_en[1].exe
    O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
    O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe "
    O4 - HKLM\..\RunOnceEx: [flags] 8
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe "
    O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe "
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DFA924.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8DC4.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3336.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8B3.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\PERFLI~1.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF71EB.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF6FAA.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3220.SH!
    O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
    O4 - Global Startup: RAMASST.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O15 - Trusted Zone: https://awbeta.net-nucleus.com (HKLM)
    O15 - Trusted Zone: *.sbcglobal.net (HKCU)
    O15 - Trusted Zone: http://sbcglobal.net (HKCU)
    O15 - Trusted Zone: https://sbcglobal.net (HKCU)
    O15 - Trusted Zone: *.yahoo.com (HKCU)
    O15 - Trusted Zone: http://yahoo.com (HKCU)
    O15 - Trusted Zone: https://yahoo.com (HKCU)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll (file missing)
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O21 - SSODL: RMfnldOuK - {B4BDA73D-1E17-0D97-219F-AA0AA3F4D670} - C:\WINDOWS\system32\lkzfg.dll
    O22 - SharedTaskScheduler: andropogon - {655560a9-3ca8-4509-9632-6abbef21426b} - (no file)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
    O23 - Service: Swupdtmr - Unknown owner - C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    --
    End of file - 15426 bytes

    -- File Associations -----------------------------------------------------------

    .exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 nppoohfm - c:\windows\system32\drivers\ysdlwtjr.dat
    R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
    R1 SrvcSSIOMngr - c:\windows\system32\drivers\ssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
    R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys <Not Verified; TOSHIBA; >
    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
    R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
    R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
    R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
    R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 Tvs (Toshiba Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

    S1 lanmandrv - c:\windows\system32\lanmandrv.sys (file missing)
    S3 bfastfao - c:\docume~1\matthe~1.gra\locals~1\temp\bfastfao.sys (file missing)
    S3 EraserUtilDrv10741 - c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys (file missing)
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
    R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
    R2 OneStep Search Service - "c:\program files\onestepsearch\onestep.exe" "c:\program files\onestepsearch\onestep.dll" service <Not Verified; OneStepSearch.net, Inc.; OneStep Search>
    R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-28 08:16:14 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-03-06 and 2008-04-06 -----------------------------

    2008-04-06 01:52:09 0 d-------- C:\327882R2FWJFW
    2008-04-06 01:28:08 0 d-------- C:\Program Files\hjt
    2008-04-06 00:53:56 686630 --a------ C:\Program Files\dss.exe
    2008-04-05 23:07:37 1612984 --a------ C:\Program Files\ComboFix.exe
    2008-04-05 22:06:37 0 d--h----- C:\WINDOWS\PIF
    2008-04-05 20:43:27 0 d-------- C:\Program Files\ClamWinPortable
    2008-04-05 20:35:38 0 d-------- C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sonic
    2008-04-04 03:40:28 73728 --a------ C:\Program Files\KillBox.exe <Not Verified; Option; Explicit Software vbtechcd@gmail.com>
    2008-04-04 02:59:51 143243 --a------ C:\Program Files\xp_fix.exe
    2008-04-04 01:26:30 0 d-------- C:\WINDOWS\network diagnostic
    2008-04-03 09:40:24 0 d-------- C:\Program Files\Common Files\ODBC
    2008-04-03 02:00:48 0 d-------- C:\Program Files\Windows Sidebar
    2008-04-03 02:00:32 0 d-------- C:\Program Files\Norton 360
    2008-04-03 01:58:49 0 d-------- C:\Program Files\Symantec
    2008-04-02 18:38:17 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
    2008-04-02 17:37:13 0 d-------- C:\Documents and Settings\Matthew D. Gramenz\Application Data\WinIFixer.com
    2008-04-02 01:02:42 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
    2008-04-01 08:28:16 10 --a------ C:\WINDOWS\system32\kr_done1
    2008-04-01 08:27:42 18432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    2008-04-01 08:26:50 28215 --a------ C:\WINDOWS\system32\drivers\spools.exe
    2008-04-01 08:26:50 30376 --a------ C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe
    2008-03-25 16:49:36 0 d-------- C:\Logs


    -- Find3M Report ---------------------------------------------------------------

    2008-04-06 02:01:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-04-05 20:34:43 0 d-------- C:\Documents and Settings\Matthew D. Gramenz\Application Data\U3
    2008-04-04 12:14:00 0 d-------- C:\Program Files\Google
    2008-04-03 16:36:32 0 d-------- C:\Program Files\World of Warcraft
    2008-04-03 16:21:39 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-04-03 09:40:24 0 d-------- C:\Program Files\Common Files
    2008-04-03 09:38:18 0 d-------- C:\Program Files\QdrPack
    2008-04-03 04:03:30 0 d-------- C:\Documents and Settings\Matthew D. Gramenz\Application Data\Symantec
    2008-04-03 02:56:55 0 d-------- C:\Program Files\QdrModule
    2008-04-03 02:52:56 0 d-------- C:\Program Files\RcvSystem
    2008-03-09 05:51:25 186365413 --a----c- C:\Program Files\sorrywronghole.wmv
    2008-03-08 00:36:32 0 d-------- C:\Program Files\OneStepSearch
    2008-03-05 14:11:52 457132 --a----c- C:\Program Files\Gatherer-3.0.6.zip
    2008-03-04 13:28:50 92416 --a------ C:\WINDOWS\system32\camoc.dll
    2008-02-28 07:18:06 270335188 --a----c- C:\Program Files\bragg.wmv
    2008-02-25 03:19:45 129723291 --a----c- C:\Program Files\cowgirls.wmv
    2008-02-25 03:18:20 37000606 --a----c- C:\Program Files\maaamanda-4.wmv
    2008-02-24 02:34:17 417345155 --a----c- C:\Program Files\brandy.wmv
    2008-02-24 02:09:47 39887903 --a----c- C:\Program Files\sg3068-2.wmv
    2008-02-22 14:16:43 0 d-------- C:\Program Files\The Weather Channel FW
    2008-02-22 14:12:04 0 d-------- C:\Program Files\iTunes
    2008-02-22 14:11:54 0 d-------- C:\Program Files\iPod
    2008-02-19 20:37:12 0 d-------- C:\Program Files\LimeWire
    2008-02-13 13:36:16 40713 --a----c- C:\WINDOWS\system32\cpmrot-uninst.exe
    2008-02-13 07:14:02 59904 --a------ C:\WINDOWS\system32\cpmrotate.dll
    2008-02-08 15:16:11 0 d-------- C:\Program Files\QuickTime
    2008-02-07 02:00:48 758685 --a----c- C:\Program Files\TitanPanel312.20300-Rev240a.zip
    2008-02-07 01:56:23 415954 --a----c- C:\Program Files\sct57.zip
    2008-02-07 01:49:32 11168038 --a----c- C:\Program Files\Atlas_v1.10.3.zip
    2008-02-06 20:48:15 580569 --a----c- C:\Program Files\X-Perl 2.3.9b.zip
    2008-02-05 02:47:48 568345 --a----c- C:\Program Files\QuestHelper.zip


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    02/23/2008 07:08 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    04/03/2008 02:01 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9940A84F-71CE-4F1F-9293-A811E59947D5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 07:08 PM 349552]

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoomingHook "= "ZoomingHook.exe" [06/06/2005 09:58 AM C:\WINDOWS\system32\ZoomingHook.exe]
    "Tvs "= "C:\Program Files\Toshiba\Tvs\TvsTray.exe" [04/05/2005 04:25 PM]
    "TPSMain "= "TPSMain.exe" [05/31/2005 05:16 PM C:\WINDOWS\system32\TPSMain.exe]
    "TPNF "= "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [06/08/2005 03:51 PM]
    "TFncKy "= "C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [04/18/2005 12:33 PM]
    "TCtryIOHook "= "TCtrlIOHook.exe" [08/05/2005 08:02 PM C:\WINDOWS\system32\TCtrlIOHook.exe]
    "SVPWUTIL "= "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [05/01/2004 01:45 PM]
    "SmoothView "= "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [04/26/2005 04:13 PM]
    "Pure Networks Port Magic "= "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [02/07/2005 01:04 PM]
    "Pinger "= "c:\toshiba\ivp\ism\pinger.exe" [03/17/2005 05:37 PM]
    "PadTouch "= "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [09/07/2004 02:03 PM]
    "Notebook Maximizer "= "C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [05/04/2006 05:59 PM]
    "NDSTray.exe "= "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" [04/22/2005 11:54 AM]
    "LtMoh "= "C:\Program Files\ltmoh\Ltmoh.exe" [04/12/2005 04:18 PM]
    "HWSetup "= "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [05/01/2004 01:45 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 06:33 AM]
    "CeEKEY "= "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [06/30/2005 10:05 AM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/05/2005 09:05 PM]
    "Apoint "= "C:\Program Files\Apoint2K\Apoint.exe" [03/23/2004 10:40 PM]
    "AGRSMMSG "= "AGRSMMSG.exe" [04/12/2005 04:17 PM C:\WINDOWS\agrsmmsg.exe]
    "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 10:26 PM]
    "CFSServ.exe "= "C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe" [04/12/2005 10:54 PM]
    "IVPServiceMgr "= "C:\toshiba\ivp\ism\ivpsvmgr.exe" [10/20/2003 09:37 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
    "adstart "= "C:\WINDOWS\system32\cpmrotate.dll" [02/13/2008 07:14 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
    "ntuser "= "C:\WINDOWS\system32\drivers\spools.exe" [04/03/2008 05:47 PM]
    "autoload "= "C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe" [04/03/2008 05:47 PM]
    "BluetoothAuthorizationAgent "= "C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [04/01/2008 08:27 AM]
    "SBI "= "C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\Content.IE5\WH6FW1QZ\install_sbd_en[1].exe" []
    "WinIFixer "= "C:\Program Files\WinIFixer\WinIFixer.exe" []
    "NSWosCheck "= "C:\Program Files\Norton SystemWorks\osCheck.exe" []
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 12:37 PM]
    "osCheck "= "C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 07:50 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "TOSCDSPD "= "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 12:32 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [03/27/2007 03:22 PM]
    "AROReminder "= "C:\Program Files\Advanced Registry Optimizer\aro.exe" [07/23/2007 10:34 AM]
    "DW4 "= "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [03/16/2007 07:51 AM]
    "QdrPack14 "= "C:\Program Files\QdrPack\QdrPack14.exe" [03/13/2008 02:02 PM]
    "ntuser "= "C:\WINDOWS\system32\drivers\spools.exe" [04/03/2008 05:47 PM]
    "autoload "= "C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe" [04/03/2008 05:47 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/04/2008 03:32 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "DelayShred "= "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DFA924.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8DC4.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3336.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8B3.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\PERFLI~1.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF71EB.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF6FAA.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3220.SH!

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ntuser "=C:\WINDOWS\system32\drivers\spools.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [8/16/2005 5:09:37 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "RMfnldOuK "= {B4BDA73D-1E17-0D97-219F-AA0AA3F4D670} - C:\WINDOWS\system32\lkzfg.dll [04/16/2007 08:52 AM 32768]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nvd53.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
    @= "Driver Group "



    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-04-06 02:05:36 ------------
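The Run-key entries in the main.txt log above are what a removal helper reads for: the same "ntuser" value pointing at spools.exe in the HKLM, HKCU and HKEY_USERS\.default Run keys, "autoload" pointing at cftmon.exe (one swapped pair of letters away from the legitimate ctfmon.exe listed a few lines above it) sitting in the profile root, a .dll registered as a Run value, and an entry launched out of the IE cache. The script below is an added example for this page, not part of DSS, HijackThis or ComboFix: it parses the Run sections in the format DSS prints them and applies those checks. The sample log is a constructed excerpt of the one posted above with the user's profile path shortened to "user"; the list of impersonated system process names and the one-typo threshold are assumptions.

```python
"""Triage the Run-key sections of a Deckard's System Scanner (DSS) log.

Added example for this thread; not part of DSS, HijackThis or ComboFix.
The system-process list and the one-typo threshold are assumptions."""
import re
from pathlib import PureWindowsPath

# Process names droppers like to imitate (assumed short list; extend as needed).
SYSTEM_NAMES = ("ctfmon.exe", "spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "services.exe", "winlogon.exe", "explorer.exe", "smss.exe")

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.I)
# DSS prints   "name "= "C:\dir\file.exe" [MM/DD/YYYY HH:MM AM]   or   "name "=C:\dir\file.exe
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"=\s*"?(?P<image>[^"]+?)"?\s*(?:\[(?P<stamp>[^\]]*)\])?$')

def osa_distance(a, b):
    """Optimal string alignment distance: one typo or one swapped pair costs 1."""
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike(basename):
    """Windows process name this file name is one edit away from; None if exact or unrelated."""
    b = basename.lower()
    if b in SYSTEM_NAMES:
        return None
    return next((real for real in SYSTEM_NAMES if osa_distance(b, real) <= 1), None)

def parse_run_entries(log_text):
    """Yield (run_key, value_name, image_path, stamp) for every value under a Run key."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group("key")
            continue
        ent = ENTRY_RE.match(line) if key and key.lower().endswith("\\run") else None
        if not ent:
            continue  # not inside a ...\Run key (RunOnce, SafeBoot, etc. are skipped)
        yield key, ent.group("name").strip(), ent.group("image").strip(), ent.group("stamp")

def triage(log_text):
    """Map every autorun image to the reasons it deserves a look (empty list = nothing odd)."""
    findings, keys_by_image = {}, {}
    for key, _name, image, stamp in parse_run_entries(log_text):
        reasons = findings.setdefault(image, [])
        keys_by_image.setdefault(image, set()).add(key.lower())
        path = PureWindowsPath(image)
        low, base, twin = image.lower(), path.name.lower(), lookalike(path.name)
        parts = [p.lower() for p in path.parts]
        checks = (
            ("\\system32\\drivers\\" in low and base.endswith(".exe"),
             "an .exe under system32\\drivers, a directory that should hold only .sys files"),
            (twin, f"file name is one typo away from the Windows process {twin}"),
            (base.endswith(".dll"), "a DLL cannot be started by a Run value: malformed, or a loader stub"),
            ("\\temporary internet files\\" in low or "\\temp\\" in low,
             "runs straight out of the browser cache or a temp directory"),
            ("documents and settings" in parts and len(parts) - parts.index("documents and settings") == 3,
             "sits directly in a user profile root rather than under Program Files"),
            (stamp == "", "file missing when DSS ran: a stale entry, or hidden from the scanner"),
            ("\\.default\\" in key.lower(), "registered in HKEY_USERS\\.default, which installers almost never touch"),
        )
        for hit, text in checks:
            if hit and text not in reasons:
                reasons.append(text)
    for image, keys in keys_by_image.items():
        if len(keys) > 1:  # same image planted in several hives: persistence redundancy
            findings[image].append(f"registered under {len(keys)} different Run keys")
    return findings

# Constructed excerpt of the main.txt log posted above; profile path shortened to "user".
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adstart "= "C:\WINDOWS\system32\cpmrotate.dll" [02/13/2008 07:14 AM]
"ntuser "= "C:\WINDOWS\system32\drivers\spools.exe" [04/03/2008 05:47 PM]
"autoload "= "C:\Documents and Settings\user\cftmon.exe" [04/03/2008 05:47 PM]
"SBI "= "C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\WH6FW1QZ\install_sbd_en[1].exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"ntuser "= "C:\WINDOWS\system32\drivers\spools.exe" [04/03/2008 05:47 PM]
"autoload "= "C:\Documents and Settings\user\cftmon.exe" [04/03/2008 05:47 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser "=C:\WINDOWS\system32\drivers\spools.exe
"""

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_LOG).items():
        if reasons:
            print(image, *("  - " + r for r in reasons), sep="\n")
```

Run against the excerpt, the legitimate ctfmon.exe and msmsgs.exe come back with no reasons, while spools.exe collects four (an .exe in the drivers directory, one edit from spoolsv.exe, present in HKEY_USERS\.default, registered under three Run keys). The one-edit rule deliberately uses a transposition-aware distance so that cftmon/ctfmon is caught while msmsgs.exe is not mistaken for smss.exe.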
     
  9. 2008/04/06
    matthewgz1985 (Thread Starter)

    extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Celeron(R) M processor 1.60GHz
    Percentage of Memory in Use: 45%
    Physical Memory (total/avail): 894.11 MiB / 490.4 MiB
    Pagefile Memory (total/avail): 1496.75 MiB / 1124.57 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1874.7 MiB

    C: is Fixed (NTFS) - 74.34 GiB total, 29.34 GiB free.
    D: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - HTS541080G9AT00 - 74.34 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.34 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: Norton 360 v2007 (SYMANTEC Corporation)
    AV: Norton 360 v2007 (SYMANTEC Corperation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0 "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe "= "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine "
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe "= "C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0 "
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger "
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server "
    "C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe "= "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Unreal Anthology\\UT2004\\System\\UT2004.exe "= "C:\\Unreal Anthology\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004 "
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE "= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer "
    "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe "= "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine "
    "C:\\Program Files\\Hamachi\\hamachi.exe "= "C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client "
    "C:\\Documents and Settings\\Matthew D. Gramenz\\Desktop\\ShR_v3\\system\\mysql\\bin\\mysqld.exe "= "C:\\Documents and Settings\\Matthew D. Gramenz\\Desktop\\ShR_v3\\system\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld "
    "C:\\Documents and Settings\\Matthew D. Gramenz\\Desktop\\ShR_v3\\mangos\\realmd.exe "= "C:\\Documents and Settings\\Matthew D. Gramenz\\Desktop\\ShR_v3\\mangos\\realmd.exe:*:Enabled:realmd "
    "C:\\Documents and Settings\\Matthew D. Gramenz\\Desktop\\ShR_v3\\system\\apache\\bin\\apache.exe "= "C:\\Documents and Settings\\Matthew D. Gramenz\\Desktop\\ShR_v3\\system\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server "
    "C:\\Documents and Settings\\Matthew D. Gramenz\\Desktop\\ShR_v3\\mangos\\mangosd.exe "= "C:\\Documents and Settings\\Matthew D. Gramenz\\Desktop\\ShR_v3\\mangos\\mangosd.exe:*:Enabled:mangosd "
    "C:\\Documents and Settings\\Matthew D. Gramenz\\Local Settings\\Temporary Internet Files\\Content.IE5\\0UK6UBDA\\WoW-BurningCrusade-enUS-Installer-downloader[1].exe "= "C:\\Documents and Settings\\Matthew D. Gramenz\\Local Settings\\Temporary Internet Files\\Content.IE5\\0UK6UBDA\\WoW-BurningCrusade-enUS-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\World of Warcraft\\Repair.exe "= "C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility "
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe "= "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Matthew D. Gramenz\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MATTHEW
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    GETMODEL=Satellite M55
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Matthew D. Gramenz
    LOGONSERVER=\\MATTHEW
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp
    TMP=C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp
    USERDOMAIN=MATTHEW
    USERNAME=Matthew D. Gramenz
    USERPROFILE=C:\Documents and Settings\Matthew D. Gramenz
    VERNUM=PSM53U-00K008V
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Matthew D. Gramenz (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll "
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe" /silent
    ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
    America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
    AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
    AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9
    Atheros Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\Setup.exe" -l0x9
    Atheros Wireless LAN MiniPCI card Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
    BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c "C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b "CFD" -h "CFD" -a
    ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
    CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
    Clickclickclick Browser Optimizer --> C:\WINDOWS\system32\vr-remove.exe
    Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
    EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
    EPSON PhotoStarter3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE704636-ECD0-426C-952E-05B8DABD1949}\Setup.exe" -l0x9 uninst
    EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\EPUPDATE.EXE /r
    EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
    Freeze.com Toolbar --> regsvr32 /u /s "C:\Program Files\Freeze.com Toolbar\freeze_int.dll"
    GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
    GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll "
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
    InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
    InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
    J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe "
    LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate "
    LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
    Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu "
    Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
    Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
    Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
    Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
    Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
    Notebook Maximizer --> C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini "
    OneStep Search 1.0 build 166 --> C:\Program Files\OneStepSearch\uninstall.exe
    PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
    PremiumSoft Navicat MySQL 7.2 --> "C:\Program Files\PremiumSoft\Navicat MySQL\unins000.exe "
    Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
    Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
    QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
    sat_screensaver_30mb --> C:\WINDOWS\sat_screensaver_30mb.scr /U
    SBC Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
    SBC Yahoo! Login --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll
    Skyblueads.com Browser Optimizer --> C:\WINDOWS\system32\cpmrot-uninst.exe
    Skyblueads.com Browser Optimizer --> C:\WINDOWS\system32\cpmrot-uninst.exe
    Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
    Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
    SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
    TOSHIBA Accessibility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1033
    TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
    TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
    TOSHIBA Controls --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5BCA8D15-BCB6-421E-9654-238B43456A4F} /l1033
    TOSHIBA Fn-esse --> C:\WINDOWS\UnInst32.exe Fn-esse.UNI
    TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
    TOSHIBA Hotkey Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1033
    TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\TOSHIBA\PCDiag\Uninst.isu "
    TOSHIBA Power Saver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE} /l1033
    TOSHIBA Software Modem --> Tosmreg -U
    TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
    TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
    TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
    TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
    Toshiba Tbiosdrv Driver --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu "
    TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
    TOSHIBA Zooming Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{02EED746-8C5A-43C8-BB3D-D29C8B363A4D} /l1033
    Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
    TouchPad On/Off Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1033
    Trafficninja.biz Extension --> C:\WINDOWS\system32\ninjaext-uninstall.exe
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Video ActiveX Enhancement 2.07 --> C:\Program Files\Video ActiveX Access\uninst.exe
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (3)\Uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type8106 / Error
    Event Submitted/Written: 04/05/2008 07:34:25 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type8101 / Error
    Event Submitted/Written: 04/05/2008 05:16:54 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Event Record #/Type7939 / Error
    Event Submitted/Written: 04/03/2008 04:25:18 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application desktopweather.exe, version 5.2.0.1, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x00036137.
    Processing media-specific event for [desktopweather.exe!ws!]

    Event Record #/Type7898 / Warning
    Event Submitted/Written: 04/03/2008 09:40:06 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles' failed during request for component '{A2B280D4-20FB-4720-99F7-40C09FBCE10A}'

    Event Record #/Type7897 / Warning
    Event Submitted/Written: 04/03/2008 09:40:06 AM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles', component '{43A46B81-37A6-11D2-AA89-00A0C90F57B0}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\XLSTART\' does not exist.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type41452 / Error
    Event Submitted/Written: 04/06/2008 01:56:24 AM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    lanmandrv

    Event Record #/Type41451 / Error
    Event Submitted/Written: 04/06/2008 01:56:24 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Task Scheduler service failed to start due to the following error:
    %%5

    Event Record #/Type41357 / Error
    Event Submitted/Written: 04/05/2008 09:00:26 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    lanmandrv

    Event Record #/Type41355 / Error
    Event Submitted/Written: 04/05/2008 09:00:26 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The Task Scheduler service failed to start due to the following error:
    %%5

    Event Record #/Type41308 / Error
    Event Submitted/Written: 04/05/2008 08:57:58 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1084" attempting to start the service EventSystem with arguments " "
    in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}



    -- End of Deckard's System Scanner: finished at 2008-04-06 02:05:36 ------------
     
  10. 2008/04/06
    noahdfear
    Highlight and copy the following bolded command, quotes included.

    "C:\Program Files\dss.exe" /daft

    Click Start>Run and paste the command in the Run dialog, then hit Enter. Deckard's will start in the file associations repair mode. Click Scan. Check the box for .exe, then click Fix and exit.

    Now run ComboFix.exe as described above.
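What dss.exe /daft repairs in the step above is the .exe file association. On a clean Windows XP install HKCR\.exe names the exefile class and HKCR\exefile\shell\open\command is exactly "%1" %*: the shell starts the file the user picked and passes the arguments through. A program that puts its own path in front of "%1" is started every time any .exe is launched and receives the real target as an argument, which fits the symptom in post 1 (a spools.exe window appearing whenever a program is run). The script below is an added example for this page, not DSS code and not a record of what this particular infection did beyond what the thread shows: it classifies an open-command value, accounts for the fact that a per-user key under HKCU\Software\Classes overrides the machine-wide HKLM\Software\Classes key in the merged HKCR view, and emits the .reg text that restores the default. The registry values in it are constructed; on a live machine read them with reg.exe query.

```python
"""Classify the .exe "open" command that dss.exe /daft repairs, and build the .reg that restores it.

Added example for this thread; not DSS, HijackThis or ComboFix code. The registry
values below are constructed; on a live machine read them with reg.exe query.
"""
import shlex

CLEAN_TOKENS = ['"%1"', "%*"]  # default HKCR\exefile\shell\open\command on Windows XP


def classify_open_command(command):
    """Return (status, interposed_program) for an exefile open-command value.

    clean       exactly "%1" %*  (run the chosen file, pass its arguments through)
    unquoted    %1 %*            (breaks on paths with spaces, but nothing is interposed)
    hijacked    another program sits in front of "%1" and gets the real target as an argument
    nonstandard anything else; inspect by hand
    """
    try:
        tokens = shlex.split(command.strip(), posix=False)  # keep quotes, no backslash escaping
    except ValueError:  # unbalanced quotes
        return "nonstandard", None
    if tokens == CLEAN_TOKENS:
        return "clean", None
    if tokens == ["%1", "%*"]:
        return "unquoted", None
    if tokens and tokens[0].strip('"') != "%1" and any(t.strip('"') == "%1" for t in tokens[1:]):
        return "hijacked", tokens[0].strip('"')
    return "nonstandard", None


def effective_open_command(hklm_value, hkcu_value=None):
    """HKCR is a merged view: a key under HKCU\\Software\\Classes overrides HKLM\\Software\\Classes."""
    if hkcu_value is not None:
        return "HKCU\\Software\\Classes", hkcu_value
    return "HKLM\\Software\\Classes", hklm_value


def audit(hklm_value, hkcu_value=None):
    """Classify the command the shell will actually use and say which hive it came from."""
    source, command = effective_open_command(hklm_value, hkcu_value)
    status, interposer = classify_open_command(command)
    return {"source": source, "command": command, "status": status, "interposer": interposer}


def repair_reg(per_user_override=False):
    """Text of a .reg file restoring the default association; quotes are escaped as \\" per .reg syntax."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    if per_user_override:
        # Delete the per-user copy first, otherwise the HKCR write below lands in it instead of HKLM.
        lines += [r"[-HKEY_CURRENT_USER\Software\Classes\exefile]", ""]
    lines += [r"[HKEY_CLASSES_ROOT\.exe]", '@="exefile"', "",
              r"[HKEY_CLASSES_ROOT\exefile\shell\open\command]", r'@="\"%1\" %*"', ""]
    return "\r\n".join(lines)


# Constructed values: machine-wide default intact, per-user copy pointing at the dropper.
SAMPLE_HKLM = '"%1" %*'
SAMPLE_HKCU = r'"C:\WINDOWS\system32\drivers\spools.exe" "%1" %*'

if __name__ == "__main__":
    result = audit(SAMPLE_HKLM, SAMPLE_HKCU)
    print(result)
    if result["status"] == "hijacked":
        print(repair_reg(per_user_override=result["source"].startswith("HKCU")))
```

The per-user check matters in practice: a helper who only queries HKLM\Software\Classes\exefile sees a clean value while the shell keeps using the HKCU copy, and a .reg import against HKEY_CLASSES_ROOT is written into an existing HKCU key rather than into HKLM, which is why the repair text deletes the per-user key first.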
     
  11. 2008/04/06
    matthewgz1985 (Thread Starter)

    My computer seems to be running fine now, but I won't do anything until you say I'm set. The next post is the ComboFix log.
     
  12. 2008/04/06
    matthewgz1985 (Thread Starter)
    ComboFix 08-04-04.1 - Matthew D. Gramenz 2008-04-06 17:24:46.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.536 [GMT -7:00]
    Running from: C:\Program Files\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\MATTHE~1.GRA\Start Menu\Programs\Internet Speed Monitor
    C:\DOCUME~1\MATTHE~1.GRA\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
    C:\DOCUME~1\MATTHE~1.GRA\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
    C:\PROGRA~1\3721
    C:\PROGRA~1\3721\assist\asbar.dll
    C:\PROGRA~1\3721\helper.dll
    C:\PROGRA~1\Accoona
    C:\PROGRA~1\Accoona\ASearchAssist.dll
    C:\PROGRA~1\akl
    C:\PROGRA~1\akl\akl.dll
    C:\PROGRA~1\akl\akl.exe
    C:\PROGRA~1\akl\curlog.htm
    C:\PROGRA~1\akl\keylog.txt
    C:\PROGRA~1\akl\readme.txt
    C:\PROGRA~1\akl\uninstall.exe
    C:\PROGRA~1\akl\unsetup.dat
    C:\PROGRA~1\akl\unsetup.exe
    C:\PROGRA~1\amsys
    C:\PROGRA~1\amsys\awmsg.dat
    C:\PROGRA~1\amsys\guid.dat
    C:\PROGRA~1\amsys\ijl15.dll
    C:\PROGRA~1\amsys\mfc42.dll
    C:\PROGRA~1\amsys\msvcrt.dll
    C:\PROGRA~1\amsys\unins000.dat
    C:\PROGRA~1\amsys\unis000.exe
    C:\PROGRA~1\amsys\winam.dat
    C:\PROGRA~1\COMMON~1\Yazzle1552OinUninstaller.exe
    C:\PROGRA~1\e-zshopper
    C:\PROGRA~1\e-zshopper\BarLcher.dll
    C:\PROGRA~1\ISM
    C:\PROGRA~1\ISM\ism.exe
    C:\PROGRA~1\ISM\Uninstall.exe
    C:\PROGRA~1\p2pnetworks
    C:\PROGRA~1\p2pnetworks\amp2pl.exe
    C:\PROGRA~1\QdrDrive
    C:\PROGRA~1\QdrDrive\qdrloader.exe
    C:\PROGRA~1\QdrModule
    C:\PROGRA~1\QdrModule\dic.gz
    C:\PROGRA~1\QdrModule\kwd.gz
    C:\PROGRA~1\QdrPack
    C:\PROGRA~1\QdrPack\dicts.gz
    C:\PROGRA~1\QdrPack\QdrPack14.exe
    C:\PROGRA~1\QdrPack\trgts.gz
    C:\PROGRA~1\QdrPack\zhydupd.exe
    C:\PROGRA~1\video activex access
    C:\PROGRA~1\video activex access\ot.ico
    C:\PROGRA~1\video activex access\ts.ico
    C:\PROGRA~1\video activex access\uninst.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\absolute key logger.lnk
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\aconti.ini
    C:\WINDOWS\aconti.log
    C:\WINDOWS\aconti.sdb
    C:\WINDOWS\acontidialer.txt
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\default.htm
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\acespy
    C:\WINDOWS\system32\acespy\__acelog.ndx
    C:\WINDOWS\system32\acespy\systune.exe
    C:\WINDOWS\system32\camoc.dll
    C:\WINDOWS\system32\cpmrotate.dll
    C:\WINDOWS\system32\din.ip
    C:\WINDOWS\system32\dpqaqlqx.bin
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spools.exe
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\drivers\ysdlwtjr.dat
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\kr_done1
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\ninjaext-uninstall.exe
    C:\WINDOWS\system32\qmopt.dll
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\sznf.ascii
    C:\WINDOWS\system32\UpMedia
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_LANMANDRV
    -------\Service_lanmandrv
    -------\Service_nppoohfm
    -------\Legacy_nppoohfm
    -------\Legacy_Schedule
    -------\nppoohfm
    -------\Schedule


    ((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
    .

    2008-04-06 17:30 . 2008-04-06 17:30 269,334 --a------ C:\WINDOWS\system32\tgfehsj.bmp
    2008-04-06 17:30 . 2008-04-06 17:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-06 17:30 . 2008-04-06 17:30 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-06 02:00 . 2008-04-06 02:00 <DIR> d-------- C:\Deckard
    2008-04-06 01:28 . 2008-04-06 01:49 <DIR> d-------- C:\Program Files\hjt
    2008-04-06 00:53 . 2008-04-06 00:54 686,630 --a------ C:\Program Files\dss.exe
    2008-04-05 23:07 . 2008-04-05 23:07 1,612,984 --a------ C:\Program Files\ComboFix.exe
    2008-04-05 22:06 . 2008-04-05 22:06 <DIR> d--h----- C:\WINDOWS\PIF
    2008-04-05 20:43 . 2008-04-05 20:43 <DIR> d-------- C:\Program Files\ClamWinPortable
    2008-04-05 20:35 . 2008-04-05 20:35 <DIR> d-------- C:\DOCUME~1\MATTHE~1.GRA\Application Data\Sonic
    2008-04-05 20:35 . 2008-04-05 20:35 <DIR> d-------- C:\DOCUME~1\MATTHE~1.GRA\Application Data\Sonic
    2008-04-04 03:40 . 2008-04-04 03:40 73,728 --a------ C:\Program Files\KillBox.exe
    2008-04-04 02:59 . 2008-04-04 02:59 143,243 --a------ C:\Program Files\xp_fix.exe
    2008-04-04 01:32 . 2007-12-06 19:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-04 01:32 . 2007-06-30 20:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-04 01:32 . 2007-06-30 20:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-04 01:32 . 2007-12-06 19:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-04 01:32 . 2007-12-06 19:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-04 01:32 . 2007-12-06 19:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-04 01:32 . 2007-12-06 19:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-04 01:32 . 2007-12-06 19:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-04 01:32 . 2007-12-06 04:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-03 16:23 . 2008-04-03 16:23 269,334 --a------ C:\WINDOWS\system32\cjmhcjmlofml.bmp
    2008-04-03 09:40 . 2008-04-03 09:40 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2008-04-03 04:38 . 2008-04-03 04:38 269,334 --a------ C:\WINDOWS\system32\knipgbidob.bmp
    2008-04-03 04:28 . 2008-04-03 04:28 269,334 --a------ C:\WINDOWS\system32\hcbmlsfmp.bmp
    2008-04-03 04:16 . 2008-04-03 04:23 <DIR> d-------- C:\fixwareout
    2008-04-03 03:59 . 2008-04-03 03:59 269,334 --a------ C:\WINDOWS\system32\gretcn.bmp
    2008-04-03 03:14 . 2008-04-03 03:14 269,334 --a------ C:\WINDOWS\system32\qdgjmp.bmp
    2008-04-03 02:56 . 2008-04-03 02:56 269,334 --a------ C:\WINDOWS\system32\mpgnmtgjqdcjml.bmp
    2008-04-03 02:18 . 2008-04-03 02:18 269,334 --a------ C:\WINDOWS\system32\ojidgfahkbed.bmp
    2008-04-03 02:00 . 2008-04-03 02:00 <DIR> d-------- C:\Program Files\Windows Sidebar
    2008-04-03 02:00 . 2008-04-03 02:40 <DIR> d-------- C:\Program Files\Norton 360
    2008-04-03 01:58 . 2008-04-03 02:02 <DIR> d-------- C:\Program Files\Symantec
    2008-04-03 01:58 . 2008-04-03 02:01 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-04-03 01:58 . 2008-04-03 02:01 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-04-03 01:41 . 2008-04-03 01:41 269,334 --a------ C:\WINDOWS\system32\fihojqlgjep.bmp
    2008-04-03 01:23 . 2008-04-03 01:23 269,334 --a------ C:\WINDOWS\system32\aporetsfmp.bmp
    2008-04-03 00:30 . 2008-04-03 00:30 269,334 --a------ C:\WINDOWS\system32\rilgrapkjehkb.bmp
    2008-04-02 21:59 . 2008-04-02 21:59 269,334 --a------ C:\WINDOWS\system32\pofatgrid.bmp
    2008-04-02 20:13 . 2008-04-02 20:13 269,334 --a------ C:\WINDOWS\system32\sjatob.bmp
    2008-04-02 19:31 . 2008-04-02 19:31 269,334 --a------ C:\WINDOWS\system32\fqdcjqdsnepkb.bmp
    2008-04-02 19:16 . 2008-04-02 19:16 269,334 --a------ C:\WINDOWS\system32\gjedgnil.bmp
    2008-04-02 18:38 . 2008-04-02 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
    2008-04-02 18:14 . 2008-04-02 18:14 269,334 --a------ C:\WINDOWS\system32\jalobaporelob.bmp
    2008-04-02 17:57 . 2008-04-02 17:57 269,334 --a------ C:\WINDOWS\system32\hknehonedgj.bmp
    2008-04-02 17:49 . 2008-04-02 17:49 0 --a------ C:\WINDOWS\CeEKey.INI
    2008-04-02 17:37 . 2008-04-02 17:37 <DIR> d-------- C:\DOCUME~1\MATTHE~1.GRA\Application Data\WinIFixer.com
    2008-04-02 17:37 . 2008-04-02 17:37 <DIR> d-------- C:\DOCUME~1\MATTHE~1.GRA\Application Data\WinIFixer.com
    2008-04-02 01:02 . 2008-04-03 16:24 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
    2008-04-02 01:02 . 2008-04-03 16:24 160,256 --a------ C:\WINDOWS\system32\blackster.scr
    2008-04-02 01:01 . 2008-04-02 01:01 269,334 --a------ C:\WINDOWS\system32\tcfihsfap.bmp
    2008-04-01 08:28 . 2008-04-01 08:28 29 --a------ C:\WINDOWS\system32\adiiquff.tmp
    2008-04-01 08:27 . 2008-04-01 08:27 269,334 --a------ C:\WINDOWS\system32\mhsrihkjmdgb.bmp
    2008-04-01 08:27 . 2008-04-01 08:27 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    2008-04-01 08:26 . 2008-04-03 17:47 30,376 --a------ C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe
    2008-03-25 16:49 . 2008-03-25 16:49 <DIR> d-------- C:\Logs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 00:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-07 00:27 --------- d-----w C:\Program Files\Common Files
    2008-04-06 03:34 --------- d-----w C:\DOCUME~1\MATTHE~1.GRA\Application Data\U3
    2008-04-06 03:34 --------- d-----w C:\DOCUME~1\MATTHE~1.GRA\Application Data\U3
    2008-04-04 19:14 --------- d-----w C:\Program Files\Google
    2008-04-04 08:40 --------- d-----w C:\Program Files\Internet Explorer
    2008-04-03 23:36 --------- d-----w C:\Program Files\World of Warcraft
    2008-04-03 23:21 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-04-03 11:03 --------- d-----w C:\DOCUME~1\MATTHE~1.GRA\Application Data\Symantec
    2008-04-03 11:03 --------- d-----w C:\DOCUME~1\MATTHE~1.GRA\Application Data\Symantec
    2008-04-03 09:52 --------- d-----w C:\Program Files\RcvSystem
    2008-04-03 09:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-03 09:03 --------- d-----w C:\Program Files\Mozilla Firefox
    2008-04-03 09:01 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-04-03 09:01 10,563 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-04-03 08:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-09 12:51 186,365,413 -c--a-w C:\Program Files\sorrywronghole.wmv
    2008-03-08 07:36 --------- d-----w C:\Program Files\OneStepSearch
    2008-03-07 04:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-03-07 04:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-03-07 04:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-03-05 21:11 457,132 -c--a-w C:\Program Files\Gatherer-3.0.6.zip
    2008-02-28 14:18 270,335,188 -c--a-w C:\Program Files\bragg.wmv
    2008-02-25 10:19 129,723,291 -c--a-w C:\Program Files\cowgirls.wmv
    2008-02-25 10:18 37,000,606 -c--a-w C:\Program Files\maaamanda-4.wmv
    2008-02-24 09:34 417,345,155 -c--a-w C:\Program Files\brandy.wmv
    2008-02-24 09:09 39,887,903 -c--a-w C:\Program Files\sg3068-2.wmv
    2008-02-22 21:16 --------- d-----w C:\Program Files\The Weather Channel FW
    2008-02-22 21:12 --------- d-----w C:\Program Files\iTunes
    2008-02-22 21:11 --------- d-----w C:\Program Files\iPod
    2008-02-20 03:37 --------- d-----w C:\Program Files\LimeWire
    2008-02-08 22:16 --------- d-----w C:\Program Files\QuickTime
    2008-02-07 09:00 758,685 -c--a-w C:\Program Files\TitanPanel312.20300-Rev240a.zip
    2008-02-07 08:56 415,954 -c--a-w C:\Program Files\sct57.zip
    2008-02-07 08:49 11,168,038 -c--a-w C:\Program Files\Atlas_v1.10.3.zip
    2008-02-07 03:48 580,569 -c--a-w C:\Program Files\X-Perl 2.3.9b.zip
    2008-02-05 09:47 568,345 -c--a-w C:\Program Files\QuestHelper.zip
    2007-12-29 14:30 4,670 -c--a-w C:\DOCUME~1\MATTHE~1.GRA\Application Data\wklnhst.dat
    2007-12-29 14:30 4,670 -c--a-w C:\DOCUME~1\MATTHE~1.GRA\Application Data\wklnhst.dat
    2007-12-12 05:38 33,219,968 -c--a-w C:\Program Files\gametap_setup.exe
    2007-10-29 17:26 12,334,208 -c--a-w C:\Program Files\itas4.zip
    2007-10-29 16:39 13,701,729 -c--a-w C:\Program Files\itas3.zip
    2007-10-29 16:38 20,347,936 -c--a-w C:\Program Files\itas2.zip
    2007-10-29 16:37 27,120,169 -c--a-w C:\Program Files\itas1.zip
    2007-10-29 16:32 16,283 -c--a-w C:\Program Files\Inside the Actors Studio David Duchovny XviD avi [www[1].Fulldls.com].torrent
    2007-08-29 12:54 20,256,064 -c--a-w C:\Program Files\QuickTimeInstaller.exe
    2007-08-23 14:46 1,102,630 -c--a-w C:\Program Files\4.mpg
    2007-08-15 11:02 1,812,109 -c--a-w C:\Program Files\mov04.mpg
    2007-08-15 10:08 67,068 -c--a-w C:\Program Files\PPS=NoAdvert.htm
    2007-08-15 10:04 67,062 -c--a-w C:\Program Files\REVS=bb404.htm
    2007-08-15 07:03 50,005,304 -c--a-w C:\Program Files\iTunesSetup.exe
    2007-08-03 12:06 2,344,964 -c--a-w C:\Program Files\01.mpg
    2007-08-03 12:04 2,795,212 -c--a-w C:\Program Files\vid03.mpg
    2007-08-03 12:02 1,360,604 -c--a-w C:\Program Files\mov1.mpg
    2007-08-03 11:59 746,621 -c--a-w C:\Program Files\0147_01_tgp3.wmv
    2007-08-03 11:59 746,621 -c--a-w C:\Program Files\0147_01_tgp2.wmv
    2007-07-20 19:34 1,110,016 -c--a-w C:\Program Files\CohUpdater.exe
    2007-07-13 17:54 8,938 -c--a-w C:\Program Files\ap3364.htm
    2007-06-28 06:33 399,703 -c--a-w C:\Program Files\sb_quotes.zip
    2007-06-28 06:30 696,014 -c--a-w C:\Program Files\sbclock.zip
    2003-11-03 04:52 301,321 -c--a-w C:\Documents and Settings\All Users\Office 2003 Editions 60 Day Trial.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2008-02-23 19:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-04-03 02:01 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"="C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-02-23 19:08 349552]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 19:08 349552]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @={4433A54A-1AC8-432F-90FC-85F045CF383C}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @={F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @={476D0EA3-80F9-48B5-B70B-05E677C9C148}

    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22 4670968]
    "AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 10:34 2084480]
    "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
    "QdrPack14"="C:\Program Files\QdrPack\QdrPack14.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-04 03:32 171448]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "DelayShred"="C:\Program Files\McAfee.com\Shredder\SHRED32.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoomingHook"="ZoomingHook.exe" [2005-06-06 09:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
    "TPSMain"="TPSMain.exe" [2005-05-31 17:16 282624 C:\WINDOWS\system32\TPSMain.exe]
    "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-08 15:51 53248]
    "TFncKy"="C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2005-04-18 12:33 188416]
    "TCtryIOHook"="TCtrlIOHook.exe" [2005-08-05 20:02 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
    "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45 65536]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 16:13 122880]
    "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2005-02-07 13:04 99480]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37 151552]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03 1077301]
    "Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 17:59 40960]
    "NDSTray.exe"="C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" [2005-04-22 11:54 962560]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-04-12 16:18 184320]
    "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
    "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-06-30 10:05 671744]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-05 21:05 344064]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 16:17 88358 C:\WINDOWS\agrsmmsg.exe]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
    "CFSServ.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe" [2005-04-12 22:54 794624]
    "IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 09:37 475136]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "BluetoothAuthorizationAgent"="C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [2008-04-01 08:27 18432]
    "SBI"="C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\Content.IE5\WH6FW1QZ\install_sbd_en[1].exe" [ ]
    "WinIFixer"="C:\Program Files\WinIFixer\WinIFixer.exe" [ ]
    "NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [ ]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 12:37 51048]
    "osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 07:50 988512]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-16 17:09:37 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "RMfnldOuK"= {B4BDA73D-1E17-0D97-219F-AA0AA3F4D670} - C:\WINDOWS\System32\lkzfg.dll [2007-04-16 08:52 32768]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nvd53.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R2 LiveUpdate Notice;LiveUpdate Notice; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 OneStep Search Service;OneStep Search Service; "C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []
    R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-04 06:15]
    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 14:43]
    S3 bfastfao;bfastfao;C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\bfastfao.sys []
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
    S3 DXE201;Dynex DX-E201 CardBus PC Card;C:\WINDOWS\system32\DRIVERS\DXE201.SYS [2004-01-05 01:20]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 14:43]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-28 15:16:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-06 17:30:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ACS.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\OneStepSearch\onestep.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-06 17:34:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-07 00:33:57
    Pre-Run: 31,424,897,024 bytes free
    Post-Run: 31,480,803,328 bytes free
    .
    2008-04-04 20:00:49 --- E O F ---
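
The log above can be triaged mechanically. The script below is an added example, not part of the poster's log and not ComboFix's own logic: it walks ComboFix-style "Reg Loading Points" lines and flags the patterns that stand out here, treating an empty "[ ]" stamp as a target ComboFix could not find on disk, a ShellServiceObjectDelayLoad entry as a DLL injected into explorer.exe at logon, a driver registered under SafeBoot\Minimal as something built to survive Safe Mode, Security Center "DisableMonitoring" and "EnableFirewall"= 0 as silenced defences, and a basename within edit distance 2 of a core system binary (spools.exe against spoolsv.exe, cftmon.exe against ctfmon.exe) as name-squatting. The severity labels, the LEGIT_NAMES set and SAMPLE_LOG (lines copied from the log above with the forum's stray spaces removed) are this example's assumptions.

```python
"""Triage ComboFix-style log lines for the autostart and hardening indicators
visible in the log above. Added example: not the poster's log and not ComboFix's
logic; rules, LEGIT_NAMES, severities and SAMPLE_LOG are this example's assumptions."""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# "Name"="target" [meta]; tolerates stray spaces ("Name "= "x") and the empty
# "[ ]" ComboFix prints when the target was not found on disk at scan time.
VALUE_RE = re.compile(
    r'^\s*"(?P<name>[^"]*?)\s*"\s*=\s*"?\s*(?P<target>.*?)\s*"?\s*\[(?P<meta>[^\]]*)\]\s*$')
KEY_RE = re.compile(r'^\s*\[(?P<key>HK[^\]]+)\]\s*$')
META_DATE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})')
BASENAME_RE = re.compile(r'\\([^\\\s"]+?\.(?:exe|dll|sys))\b', re.IGNORECASE)
# Assumed set of names malware imitates (spools.exe/spoolsv.exe, cftmon.exe/ctfmon.exe).
# Legitimate near-neighbours (iexplore.exe, explorer.exe) must both be listed.
LEGIT_NAMES = {"svchost.exe", "lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
               "explorer.exe", "iexplore.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe", "userinit.exe"}
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
SCAN_DATE = datetime(2008, 4, 6, 17, 30)  # "Rootkit scan 2008-04-06 17:30:56" in the log above
Finding = NamedTuple("Finding", [("severity", str), ("line", str), ("reason", str)])
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"QdrPack14"="C:\Program Files\QdrPack\QdrPack14.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthorizationAgent"="C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe" [2008-04-01 08:27 18432]
"SBI"="C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\Content.IE5\WH6FW1QZ\install_sbd_en[1].exe" [ ]
"WinIFixer"="C:\Program Files\WinIFixer\WinIFixer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RMfnldOuK"= {B4BDA73D-1E17-0D97-219F-AA0AA3F4D670} - C:\WINDOWS\System32\lkzfg.dll [2007-04-16 08:52 32768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nvd53.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
C:\WINDOWS\system32\drivers\spools.exe
2008-04-01 08:26 . 2008-04-03 17:47 30,376 --a------ C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe
"""

def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(basename: str) -> Optional[str]:
    """Legit system binary this name imitates (edit distance <= 2), else None."""
    name = basename.lower()
    if name in LEGIT_NAMES or len(name.rsplit(".", 1)[0]) < 5:  # short stems are too noisy
        return None
    return next((x for x in sorted(LEGIT_NAMES) if levenshtein(name, x) <= 2), None)

def triage(log_text: str, scan_date: datetime, recent_days: int = 14) -> List[Finding]:
    out: List[Finding] = []
    key = ""  # registry key the current value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            if "\\safeboot\\minimal\\" in key and key.endswith(".sys"):
                out.append(Finding("MEDIUM", line, "driver registered to load in Safe Mode"))
            continue
        compact = line.lower().replace(" ", "")
        if ("security center\\monitoring" in key and compact.startswith('"disablemonitoring"=dword:')
                and int(compact.rsplit(":", 1)[1], 16) != 0):
            out.append(Finding("MEDIUM", line, "Security Center alerts silenced for this product"))
        if key.endswith("firewallpolicy\\standardprofile") and compact.startswith('"enablefirewall"=0'):
            out.append(Finding("MEDIUM", line, "Windows Firewall disabled for the standard profile"))
        vm = VALUE_RE.match(line)
        if vm and "shellserviceobjectdelayload" in key:
            out.append(Finding("HIGH", line, "ShellServiceObjectDelayLoad: DLL loaded into explorer.exe at logon"))
        elif vm and (key.endswith("\\run") or key.endswith("\\runonce")):
            target, meta = vm.group("target").lower(), vm.group("meta").strip()
            if not meta:
                out.append(Finding("MEDIUM", line, "autostart target not found on disk at scan time"))
            if "\\temp\\" in target or "temporary internet files" in target:
                out.append(Finding("HIGH", line, "autostart runs from a temp or browser-cache directory"))
            dm = META_DATE_RE.match(meta)
            if dm and 0 <= (scan_date - datetime.strptime(dm.group(1), "%Y-%m-%d %H:%M")).days <= recent_days:
                out.append(Finding("LOW", line, f"autostart binary written within {recent_days} days of the scan"))
        for bm in BASENAME_RE.finditer(line):  # name-squatting check on any path on the line
            legit = lookalike_of(bm.group(1))
            if legit:
                out.append(Finding("HIGH", line, f"{bm.group(1)} imitates the system binary {legit}"))
    return sorted(out, key=lambda f: SEVERITY_ORDER[f.severity])

def triage_sample() -> List[Finding]:
    return triage(SAMPLE_LOG, SCAN_DATE)

if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.severity:6} {f.reason}\n       {f.line}")
```

Against SAMPLE_LOG this reports four HIGH findings (the SBI entry launching from Temporary Internet Files, the lkzfg.dll SSODL entry, spools.exe and cftmon.exe), six MEDIUM (three autostart targets missing at scan time, the SafeBoot driver, DisableMonitoring, EnableFirewall) and one LOW (BluetoothAuthorizationAgent.exe written five days before the scan). The lookalike rule is only as good as LEGIT_NAMES: iexplore.exe sits within edit distance 2 of explorer.exe, so both must be listed, and stems shorter than five characters (dss.exe, which would otherwise match smss.exe) are skipped to keep the noise down.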
     
  13. 2008/04/06
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:41:49 PM, on 4/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\OneStepSearch\onestep.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace-start.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
    O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthorizationAgent] C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\Content.IE5\WH6FW1QZ\install_sbd_en[1].exe
    O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
    O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DFA924.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8DC4.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3336.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8B3.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\PERFLI~1.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF71EB.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF6FAA.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3220.SH!
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O21 - SSODL: RMfnldOuK - {B4BDA73D-1E17-0D97-219F-AA0AA3F4D670} - C:\WINDOWS\System32\lkzfg.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 13201 bytes
     
  14. 2008/04/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    File::
    C:\WINDOWS\system32\tgfehsj.bmp
    C:\WINDOWS\system32\cjmhcjmlofml.bmp
    C:\WINDOWS\system32\knipgbidob.bmp
    C:\WINDOWS\system32\hcbmlsfmp.bmp
    C:\WINDOWS\system32\gretcn.bmp
    C:\WINDOWS\system32\qdgjmp.bmp
    C:\WINDOWS\system32\mpgnmtgjqdcjml.bmp
    C:\WINDOWS\system32\ojidgfahkbed.bmp
    C:\WINDOWS\system32\fihojqlgjep.bmp
    C:\WINDOWS\system32\aporetsfmp.bmp
    C:\WINDOWS\system32\rilgrapkjehkb.bmp
    C:\WINDOWS\system32\pofatgrid.bmp
    C:\WINDOWS\system32\sjatob.bmp
    C:\WINDOWS\system32\fqdcjqdsnepkb.bmp
    C:\WINDOWS\system32\gjedgnil.bmp
    C:\WINDOWS\system32\jalobaporelob.bmp
    C:\WINDOWS\system32\hknehonedgj.bmp
    C:\WINDOWS\system32\ctfmonb.bmp
    C:\WINDOWS\system32\blackster.scr
    C:\WINDOWS\system32\tcfihsfap.bmp
    C:\WINDOWS\system32\adiiquff.tmp
    C:\WINDOWS\system32\mhsrihkjmdgb.bmp
    C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe
    C:\WINDOWS\System32\lkzfg.dll
    Folder::
    C:\DOCUME~1\MATTHE~1.GRA\Application Data\WinIFixer.com
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QdrPack14"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthorizationAgent"=-
    "SBI"=-
    "WinIFixer"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "RMfnldOuK"=-
    Driver::
    bfastfao
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  15. 2008/04/06
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
    ComboFix 08-04-04.1 - Matthew D. Gramenz 2008-04-06 18:09:59.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.531 [GMT -7:00]
    Running from: C:\Program Files\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Matthew D. Gramenz\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe
    C:\WINDOWS\system32\adiiquff.tmp
    C:\WINDOWS\system32\aporetsfmp.bmp
    C:\WINDOWS\system32\blackster.scr
    C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    C:\WINDOWS\system32\cjmhcjmlofml.bmp
    C:\WINDOWS\system32\ctfmonb.bmp
    C:\WINDOWS\system32\fihojqlgjep.bmp
    C:\WINDOWS\system32\fqdcjqdsnepkb.bmp
    C:\WINDOWS\system32\gjedgnil.bmp
    C:\WINDOWS\system32\gretcn.bmp
    C:\WINDOWS\system32\hcbmlsfmp.bmp
    C:\WINDOWS\system32\hknehonedgj.bmp
    C:\WINDOWS\system32\jalobaporelob.bmp
    C:\WINDOWS\system32\knipgbidob.bmp
    C:\WINDOWS\System32\lkzfg.dll
    C:\WINDOWS\system32\mhsrihkjmdgb.bmp
    C:\WINDOWS\system32\mpgnmtgjqdcjml.bmp
    C:\WINDOWS\system32\ojidgfahkbed.bmp
    C:\WINDOWS\system32\pofatgrid.bmp
    C:\WINDOWS\system32\qdgjmp.bmp
    C:\WINDOWS\system32\rilgrapkjehkb.bmp
    C:\WINDOWS\system32\sjatob.bmp
    C:\WINDOWS\system32\tcfihsfap.bmp
    C:\WINDOWS\system32\tgfehsj.bmp
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\MATTHE~1.GRA\Application Data\WinIFixer.com
    C:\Documents and Settings\Matthew D. Gramenz\cftmon.exe
    C:\WINDOWS\system32\adiiquff.tmp
    C:\WINDOWS\system32\aporetsfmp.bmp
    C:\WINDOWS\system32\blackster.scr
    C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    C:\WINDOWS\system32\cjmhcjmlofml.bmp
    C:\WINDOWS\system32\ctfmonb.bmp
    C:\WINDOWS\system32\fihojqlgjep.bmp
    C:\WINDOWS\system32\fqdcjqdsnepkb.bmp
    C:\WINDOWS\system32\gjedgnil.bmp
    C:\WINDOWS\system32\gretcn.bmp
    C:\WINDOWS\system32\hcbmlsfmp.bmp
    C:\WINDOWS\system32\hknehonedgj.bmp
    C:\WINDOWS\system32\jalobaporelob.bmp
    C:\WINDOWS\system32\knipgbidob.bmp
    C:\WINDOWS\System32\lkzfg.dll
    C:\WINDOWS\system32\mhsrihkjmdgb.bmp
    C:\WINDOWS\system32\mpgnmtgjqdcjml.bmp
    C:\WINDOWS\system32\ojidgfahkbed.bmp
    C:\WINDOWS\system32\pofatgrid.bmp
    C:\WINDOWS\system32\qdgjmp.bmp
    C:\WINDOWS\system32\rilgrapkjehkb.bmp
    C:\WINDOWS\system32\sjatob.bmp
    C:\WINDOWS\system32\tcfihsfap.bmp
    C:\WINDOWS\system32\tgfehsj.bmp

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
    .

    2008-04-06 17:41 . 2008-04-06 17:41 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-06 17:30 . 2008-04-06 18:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-06 17:30 . 2008-04-06 17:30 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-06 02:00 . 2008-04-06 02:00 <DIR> d-------- C:\Deckard
    2008-04-06 01:28 . 2008-04-06 01:49 <DIR> d-------- C:\Program Files\hjt
    2008-04-06 00:53 . 2008-04-06 00:54 686,630 --a------ C:\Program Files\dss.exe
    2008-04-05 23:07 . 2008-04-05 23:07 1,612,984 --a------ C:\Program Files\ComboFix.exe
    2008-04-05 22:06 . 2008-04-05 22:06 <DIR> d--h----- C:\WINDOWS\PIF
    2008-04-05 20:43 . 2008-04-05 20:43 <DIR> d-------- C:\Program Files\ClamWinPortable
    2008-04-05 20:35 . 2008-04-05 20:35 <DIR> d-------- C:\DOCUME~1\MATTHE~1.GRA\Application Data\Sonic
    2008-04-04 03:40 . 2008-04-04 03:40 73,728 --a------ C:\Program Files\KillBox.exe
    2008-04-04 02:59 . 2008-04-04 02:59 143,243 --a------ C:\Program Files\xp_fix.exe
    2008-04-04 01:32 . 2007-12-06 19:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-04 01:32 . 2007-06-30 20:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-04 01:32 . 2007-06-30 20:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-04 01:32 . 2007-12-06 19:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-04 01:32 . 2007-12-06 19:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-04 01:32 . 2007-12-06 19:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-04 01:32 . 2007-12-06 19:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-04 01:32 . 2007-12-06 19:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-04 01:32 . 2007-12-06 04:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-03 04:16 . 2008-04-03 04:23 <DIR> d-------- C:\fixwareout
    2008-04-03 02:00 . 2008-04-03 02:00 <DIR> d-------- C:\Program Files\Windows Sidebar
    2008-04-03 02:00 . 2008-04-03 02:40 <DIR> d-------- C:\Program Files\Norton 360
    2008-04-03 01:58 . 2008-04-03 02:02 <DIR> d-------- C:\Program Files\Symantec
    2008-04-03 01:58 . 2008-04-03 02:01 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-04-03 01:58 . 2008-04-03 02:01 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-04-02 18:38 . 2008-04-02 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
    2008-04-02 17:49 . 2008-04-02 17:49 0 --a------ C:\WINDOWS\CeEKey.INI
    2008-03-25 16:49 . 2008-03-25 16:49 <DIR> d-------- C:\Logs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 01:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-06 03:34 --------- d-----w C:\DOCUME~1\MATTHE~1.GRA\Application Data\U3
    2008-04-04 19:14 --------- d-----w C:\Program Files\Google
    2008-04-03 23:36 --------- d-----w C:\Program Files\World of Warcraft
    2008-04-03 23:21 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-04-03 11:03 --------- d-----w C:\DOCUME~1\MATTHE~1.GRA\Application Data\Symantec
    2008-04-03 09:52 --------- d-----w C:\Program Files\RcvSystem
    2008-04-03 09:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-03 09:01 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-04-03 09:01 10,563 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-04-03 08:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-09 12:51 186,365,413 -c--a-w C:\Program Files\sorrywronghole.wmv
    2008-03-08 07:36 --------- d-----w C:\Program Files\OneStepSearch
    2008-03-07 04:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-03-07 04:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-03-07 04:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
    2008-03-05 21:11 457,132 -c--a-w C:\Program Files\Gatherer-3.0.6.zip
    2008-02-28 14:18 270,335,188 -c--a-w C:\Program Files\bragg.wmv
    2008-02-25 10:19 129,723,291 -c--a-w C:\Program Files\cowgirls.wmv
    2008-02-25 10:18 37,000,606 -c--a-w C:\Program Files\maaamanda-4.wmv
    2008-02-24 09:34 417,345,155 -c--a-w C:\Program Files\brandy.wmv
    2008-02-24 09:09 39,887,903 -c--a-w C:\Program Files\sg3068-2.wmv
    2008-02-22 21:16 --------- d-----w C:\Program Files\The Weather Channel FW
    2008-02-22 21:12 --------- d-----w C:\Program Files\iTunes
    2008-02-22 21:11 --------- d-----w C:\Program Files\iPod
    2008-02-20 03:37 --------- d-----w C:\Program Files\LimeWire
    2008-02-08 22:16 --------- d-----w C:\Program Files\QuickTime
    2008-02-07 09:00 758,685 -c--a-w C:\Program Files\TitanPanel312.20300-Rev240a.zip
    2008-02-07 08:56 415,954 -c--a-w C:\Program Files\sct57.zip
    2008-02-07 08:49 11,168,038 -c--a-w C:\Program Files\Atlas_v1.10.3.zip
    2008-02-07 03:48 580,569 -c--a-w C:\Program Files\X-Perl 2.3.9b.zip
    2008-02-05 09:47 568,345 -c--a-w C:\Program Files\QuestHelper.zip
    2007-12-29 14:30 4,670 -c--a-w C:\DOCUME~1\MATTHE~1.GRA\Application Data\wklnhst.dat
    2007-12-12 05:38 33,219,968 -c--a-w C:\Program Files\gametap_setup.exe
    2007-10-29 17:26 12,334,208 -c--a-w C:\Program Files\itas4.zip
    2007-10-29 16:39 13,701,729 -c--a-w C:\Program Files\itas3.zip
    2007-10-29 16:38 20,347,936 -c--a-w C:\Program Files\itas2.zip
    2007-10-29 16:37 27,120,169 -c--a-w C:\Program Files\itas1.zip
    2007-10-29 16:32 16,283 -c--a-w C:\Program Files\Inside the Actors Studio David Duchovny XviD avi [www[1].Fulldls.com].torrent
    2007-08-29 12:54 20,256,064 -c--a-w C:\Program Files\QuickTimeInstaller.exe
    2007-08-23 14:46 1,102,630 -c--a-w C:\Program Files\4.mpg
    2007-08-15 11:02 1,812,109 -c--a-w C:\Program Files\mov04.mpg
    2007-08-15 10:08 67,068 -c--a-w C:\Program Files\PPS=NoAdvert.htm
    2007-08-15 10:04 67,062 -c--a-w C:\Program Files\REVS=bb404.htm
    2007-08-15 07:03 50,005,304 -c--a-w C:\Program Files\iTunesSetup.exe
    2007-08-03 12:06 2,344,964 -c--a-w C:\Program Files\01.mpg
    2007-08-03 12:04 2,795,212 -c--a-w C:\Program Files\vid03.mpg
    2007-08-03 12:02 1,360,604 -c--a-w C:\Program Files\mov1.mpg
    2007-08-03 11:59 746,621 -c--a-w C:\Program Files\0147_01_tgp3.wmv
    2007-08-03 11:59 746,621 -c--a-w C:\Program Files\0147_01_tgp2.wmv
    2007-07-20 19:34 1,110,016 -c--a-w C:\Program Files\CohUpdater.exe
    2007-07-13 17:54 8,938 -c--a-w C:\Program Files\ap3364.htm
    2007-06-28 06:33 399,703 -c--a-w C:\Program Files\sb_quotes.zip
    2007-06-28 06:30 696,014 -c--a-w C:\Program Files\sbclock.zip
    2003-11-03 04:52 301,321 -c--a-w C:\Documents and Settings\All Users\Office 2003 Editions 60 Day Trial.exe
    .

    ------- Sigcheck -------

    2004-08-04 05:00 17408 42ce8a17da5ba1462126565d74dcfbd4 C:\WINDOWS\system32\svchost.exe

    2004-08-04 05:00 506368 bdeae55dc04e560cfb97e7e316389934 C:\WINDOWS\system32\winlogon.exe

    2007-06-13 03:23 1035776 98f2e2e85d8a5602457cb8256507e57e C:\WINDOWS\explorer.exe
    2007-06-13 04:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-04 05:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-04-06_17.33.41.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-07 01:12:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7d4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2008-02-23 19:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-04-03 02:01 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"="C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-02-23 19:08 349552]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 19:08 349552]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @={4433A54A-1AC8-432F-90FC-85F045CF383C}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @={F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @={476D0EA3-80F9-48B5-B70B-05E677C9C148}

    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22 4670968]
    "AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 10:34 2084480]
    "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-04 03:32 171448]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "DelayShred"="C:\Program Files\McAfee.com\Shredder\SHRED32.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoomingHook"="ZoomingHook.exe" [2005-06-06 09:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
    "TPSMain"="TPSMain.exe" [2005-05-31 17:16 282624 C:\WINDOWS\system32\TPSMain.exe]
    "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-08 15:51 53248]
    "TFncKy"="C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2005-04-18 12:33 188416]
    "TCtryIOHook"="TCtrlIOHook.exe" [2005-08-05 20:02 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
    "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45 65536]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 16:13 122880]
    "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2005-02-07 13:04 99480]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37 151552]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03 1077301]
    "Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2006-05-04 17:59 40960]
    "NDSTray.exe"="C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" [2005-04-22 11:54 962560]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-04-12 16:18 184320]
    "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
    "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-06-30 10:05 671744]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-05 21:05 344064]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 16:17 88358 C:\WINDOWS\agrsmmsg.exe]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
    "CFSServ.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe" [2005-04-12 22:54 794624]
    "IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 09:37 475136]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [ ]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 12:37 51048]
    "osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 07:50 988512]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-16 17:09:37 155648]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nvd53.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []
    R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2007-12-04 06:15]
    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 14:43]
    S3 bfastfao;bfastfao;C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\bfastfao.sys []
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
    S3 DXE201;Dynex DX-E201 CardBus PC Card;C:\WINDOWS\system32\DRIVERS\DXE201.SYS [2004-01-05 01:20]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 14:43]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-28 15:16:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-06 18:14:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\OneStepSearch\onestep.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-06 18:16:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-07 01:16:35
    ComboFix2.txt 2008-04-07 00:34:05
    Pre-Run: 32,752,816,128 bytes free
    Post-Run: 32,744,407,040 bytes free
    .
    2008-04-04 20:00:49 --- E O F ---
     
  16. 2008/04/06
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:18:14 PM, on 4/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\OneStepSearch\onestep.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace-start.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
    O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DFA924.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8DC4.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3336.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8B3.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\PERFLI~1.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF71EB.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF6FAA.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3220.SH!
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 12670 bytes
     
  17. 2008/04/06
    noahdfear
    Scan again with HijackThis and place a check next to the following entry, close all other windows then click Fix Checked.

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


    Close HijackThis.

    Copy the following bolded command.

    sc delete bfastfao

    Click Start>Run and paste the command in the Run dialog then hit Enter.


    Now please do an online scan with Kaspersky WebScanner

    Click Scan Now and accept the agreement. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK.
    • Now under Select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display whether your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
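As an added illustration of the triage behind the entry singled out above (this is example code written for this page, not HijackThis or any tool used in the thread), the script below reads HijackThis-style log lines and flags the classes of entries a helper checks first: O2/O3/O9 entries whose target is "(no file)", O23 services with "Unknown owner", and O15 Trusted Zone additions. The sample lines are constructed from the shape of entries posted in this thread; the flagging rules and the function names are this example's own assumptions, not HijackThis's logic.

```python
import re

# Constructed sample lines, modelled on entries posted earlier in this thread
# (the orphaned O3 toolbar, an O9 button with no file, an HKLM trusted-zone
# entry and a service with no publisher); the other lines are benign controls.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HijackThis entry starts with a section code (R0, O3, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")


def parse_entry(line):
    """Split one log line into its section code and body; None for non-entries."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    return {"section": match.group("section"), "body": match.group("body")}


def triage(log_text):
    """Return (reason, line) pairs for entries worth a second look.

    The rules are this example's assumptions about what a helper checks first,
    not HijackThis's own logic:
      - O2/O3/O9 entries ending in "(no file)": the registry points at a binary
        that no longer exists, so the entry is dead and can be fixed.
      - O23 services listed as "Unknown owner": no publisher, verify the binary.
      - O15 entries: a site was added to IE's Trusted Zone, which relaxes
        security settings for it; confirm the user actually wanted that.
    """
    findings = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        section, body = entry["section"], entry["body"]
        line = raw.strip()
        if section in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append(("orphaned entry, target file missing", line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(("service with unknown publisher", line))
        elif section == "O15":
            findings.append(("site added to IE Trusted Zone", line))
    return findings


def count_entries(log_text):
    """Number of parseable HijackThis entries in the text."""
    return sum(1 for l in log_text.splitlines() if parse_entry(l) is not None)


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run against a saved hijackthis.log, the script only narrows the list; a flagged O23 service such as ACS.exe is still a legitimate Atheros component here, so each hit needs the file checked (publisher, location, signature) before anything is fixed or deleted.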
     
  18. 2008/04/07
    matthewgz1985
    Sunday, April 06, 2008 10:16:43 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/04/2008
    Kaspersky Anti-Virus database records: 687622


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\

    Scan Statistics
    Total number of scanned objects 65179
    Number of viruses found 24
    Number of infected objects 84
    Number of suspicious objects 0
    Duration of the scan process 01:05:30

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Backup\bustate.db Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Backup\bustate.index Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{599B42B8-9799-47F3-857B-AF4BFC9635EA}.DAT Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{679A40A5-8521-4C38-A7FC-4CCDC2F2F151}.DAT Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{A135198C-9183-4472-B349-F2B0A701CFC8}.DAT Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{159CCB00-A20E-4A73-92AD-C0CF712201F4}.ldb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{159CCB00-A20E-4A73-92AD-C0CF712201F4}.sds Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\LightningSand.CFD Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\096CA47C.TMP Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C44023C5.TMP Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-21ea8e84.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

    C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-21ea8e84.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-69ad71ff.zip/vmain.class Infected: Exploit.Java.Gimsh.a skipped

    C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-69ad71ff.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-5df9b0c8.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

    C:\Documents and Settings\Matthew D. Gramenz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-5df9b0c8.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\Matthew D. Gramenz\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\History\History.IE5\MSHist012008040620080407\index.dat Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\temp\~DF61DD.tmp Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\temp\~DF673C.tmp Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Matthew D. Gramenz\Shared\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

    C:\Program Files\Freeze.com Toolbar\freeze_int.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bn skipped

    C:\Program Files\Freeze.com Toolbar\tbhelper.dll Infected: not-a-virus:AdWare.Win32.Mostofate.bt skipped

    C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped

    C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped

    C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped

    C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped

    C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped

    C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped

    C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped

    C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped

    C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped

    C:\Program Files\Norton 360\Log\HomeNetworking.log Object is locked skipped

    C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped

    C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped

    C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped

    C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped

    C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped

    C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped

    C:\Program Files\Norton 360\Log\RegClean.log Object is locked skipped

    C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped

    C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped

    C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped

    C:\Program Files\OneStepSearch\onestep.dll Infected: not-a-virus:AdWare.Win32.OneStep.h skipped

    C:\Program Files\OneStepSearch\onestep.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\Program Files\OneStepSearch\osopt.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\QooBox\Quarantine\C\PROGRA~1\ISM\ism.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

    C:\QooBox\Quarantine\C\PROGRA~1\QdrPack\QdrPack14.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.n skipped

    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ysdlwtjr.dat.vir Object is locked skipped

    C:\QooBox\Quarantine\catchme2008-04-06_173024.79.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip/ysdlwtjr.dat Infected: Rootkit.Win32.Agent.aap skipped

    C:\QooBox\Quarantine\catchme2008-04-06_173024.79.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip/ysdlwtjr.dat.1 Infected: Rootkit.Win32.Agent.aap skipped

    C:\QooBox\Quarantine\catchme2008-04-06_173024.79.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip Infected: Rootkit.Win32.Agent.aap skipped

    C:\QooBox\Quarantine\catchme2008-04-06_173024.79.zip ZIP: infected - 3 skipped

    C:\QooBox\Quarantine\catchme2008-04-06_181336.26.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip/lkzfg.dll Infected: Trojan-Downloader.Win32.Agent.mbw skipped

    C:\QooBox\Quarantine\catchme2008-04-06_181336.26.zip/DOCUME~1/MATTHE~1.GRA/Desktop/catchme.zip Infected: Trojan-Downloader.Win32.Agent.mbw skipped

    C:\QooBox\Quarantine\catchme2008-04-06_181336.26.zip ZIP: infected - 2 skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP347\A0073762.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP348\A0073772.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP353\A0077955.dll Infected: not-a-virus:AdWare.Win32.OneStep.d skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP353\A0077956.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP353\A0077977.dll Infected: Trojan.Win32.Pakes.cdw skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP358\A0078115.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP364\A0080780.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP366\A0081808.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP366\A0081827.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0084303.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085303.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085312.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085626.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085629.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0085637.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0087691.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0087694.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088663.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088668.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088925.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088928.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088935.exe Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088936.dll Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088945.dll Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0090947.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0091947.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0091950.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0091953.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP384\A0092035.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP384\A0092038.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099079.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099082.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099088.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099251.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099255.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099277.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099280.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099287.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099297.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0099298.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109333.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109336.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109341.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109352.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.c skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109385.exe Infected: not-a-virus:AdWare.Win32.Agent.ahs skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109402.exe Infected: not-a-virus:FraudTool.Win32.AdvancedCleaner.a skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109404.exe Infected: not-a-virus:Downloader.Win32.WinFixer.bt skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe/stream Infected: not-a-virus:AdWare.Win32.Beginto.f skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe NSIS: infected - 3 skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109424.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0111431.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0111432.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP388\A0112671.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP390\A0112805.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP390\A0112809.exe Infected: not-a-virus:AdWare.Win32.AdBand.n skipped

    C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP391\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\explorer.exe Infected: Trojan.Win32.Patched.aa skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{52677856-FC01-41E1-9CD9-69AFCB0790C1}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa skipped

    C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa skipped

    C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa skipped

    C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa skipped

    C:\WINDOWS\Temp\JETE07C.tmp Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_7cc.dat Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  19. 2008/04/07
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:18:00 PM, on 4/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OneStepSearch\onestep.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace-start.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
    O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DFA924.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8DC4.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3336.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF8B3.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\PERFLI~1.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF71EB.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\~DF6FAA.SH! C:\DOCUME~1\MATTHE~1.GRA\LOCALS~1\Temp\HSPERF~1.GRA\3220.SH!
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 12560 bytes
     
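The HijackThis log above is read by eye in the thread. As an added example, not part of HijackThis, the original posts or any vendor tooling, here is a small Python triage script that parses an excerpt of that log into its typed entries and pulls out the lines a responder reads first: O15 Trusted Zone additions (and whether they are machine-wide), O23 services whose binary carries no company name, entries whose target no longer exists on disk, and O16 ActiveX downloads listed with only a CLSID. The sample lines are copied from the post above; the selection rules and function names are this example's own, and they produce a review list, not a malware verdict.

```python
"""Triage a HijackThis 2.0 log: surface the entries a responder reviews first.

Added example for this thread. The rules below only select entries for manual
review; 'Unknown owner' also catches unsigned vendor utilities, for instance.
"""
import re

# Excerpt of the HijackThis log posted in the thread (abridged).
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\OneStepSearch\onestep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace-start.com/
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

# Every HijackThis entry starts with a section code such as R0, O4, O15, O23.
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d{1,2}) - (?P<body>.*)$")
# O16 body with a bare CLSID directly followed by the download URL (no description).
BARE_DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - ")


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and (type, body) entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["type"], m["body"]))
    return processes, entries


def trusted_zones(entries):
    """O15 entries: sites Internet Explorer places in the Trusted zone.
    Returns (site, hive); HijackThis appends '(HKLM)' for machine-wide entries."""
    out = []
    for t, body in entries:
        if t != "O15":
            continue
        site = body.split(":", 1)[1].strip()
        hive = "HKLM" if site.endswith("(HKLM)") else "HKCU"
        out.append((site.replace("(HKLM)", "").strip(), hive))
    return out


def unknown_owner_services(entries):
    """O23 services whose executable has no company string ('Unknown owner')."""
    out = []
    for t, body in entries:
        if t == "O23" and " - Unknown owner - " in body:
            name, _, path = body[len("Service: "):].partition(" - Unknown owner - ")
            out.append((name, path))
    return out


def orphan_entries(entries):
    """Entries whose target HijackThis could not find on disk ('(no file)')."""
    return [(t, body) for t, body in entries if body.endswith("(no file)")]


def undescribed_dpf(entries):
    """O16 downloaded ActiveX controls that carry no description, only CLSID and URL."""
    return [body for t, body in entries if t == "O16" and BARE_DPF_RE.match(body)]


if __name__ == "__main__":
    procs, ents = parse_hjt(HJT_SAMPLE)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for label, rows in (("Trusted zones", trusted_zones(ents)),
                        ("Services with unknown owner", unknown_owner_services(ents)),
                        ("Orphan entries", orphan_entries(ents)),
                        ("Undescribed O16 downloads", undescribed_dpf(ents))):
        print(f"\n{label}:")
        for row in rows:
            print("  ", row)
```

Run it against a full log by replacing HJT_SAMPLE with the file contents; the same four filters apply to any HijackThis 2.0 log, since the section codes and the "(HKLM)", "Unknown owner" and "(no file)" markers are fixed strings the tool emits.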
  20. 2008/04/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download Dr.Web CureIt, saving the file to your desktop.
    • Double-click the drweb-cureit.exe file and Allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.

    Please post the Dr.Web CureIt log here.
     
  21. 2008/04/07
    matthewgz1985

    matthewgz1985 Inactive Thread Starter

    Joined:
    2008/04/04
    Messages:
    27
    Likes Received:
    0
    cfd.exe;c:\program files\broadjump\client foundation;Adware.Cfd;;
    onestep.dll;c:\program files\onestepsearch;Adware.OneStep;;
    onestep.exe;c:\program files\onestepsearch;Adware.OneStep;;
    explorer.exe;c:\windows;Trojan.Starter.384;Cured.;
    lsass.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
    services.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
    spoolsv.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
    svchost.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
    winlogon.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
     
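The two scanner reports in this thread name the same files differently: Kaspersky's online scan lists explorer.exe, lsass.exe, services.exe, spoolsv.exe, svchost.exe and winlogon.exe as Trojan.Win32.Patched.aa and can only report ("skipped"), while Dr.Web CureIt lists the same six as Trojan.Starter.384 and records "Cured.". As an added example, not part of this thread or of either vendor's tooling, here is a Python script that parses excerpts of both reports, joins them by path and separates what a responder wants to see at this point: the OS binaries both scanners flagged and Dr.Web reports as repaired, the detections sitting in System Restore snapshots that the online scanner left in place, and the items only Dr.Web listed. The log excerpts are copied from the posts above; the function names and the "reported only" label are this example's own.

```python
"""Correlate a Kaspersky online-scan log with a Dr.Web CureIt report (DrWeb.csv).

Added example for this thread, not a tool used in the original posts.
The two samples are excerpts of the logs posted above.
"""
import re

KAV_LOG = r"""
C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP383\A0088925.dll Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109352.exe Infected: not-a-virus:FraudTool.Win32.WinFixer.c skipped
C:\System Volume Information\_restore{8A2FF72E-925C-4693-95A8-CFACA1846F05}\RP385\A0109423.exe NSIS: infected - 3 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\explorer.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa skipped
"""

DRWEB_CSV = r"""
cfd.exe;c:\program files\broadjump\client foundation;Adware.Cfd;;
onestep.dll;c:\program files\onestepsearch;Adware.OneStep;;
onestep.exe;c:\program files\onestepsearch;Adware.OneStep;;
explorer.exe;c:\windows;Trojan.Starter.384;Cured.;
lsass.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
services.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
spoolsv.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
svchost.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
winlogon.exe;c:\windows\system32;Trojan.Starter.384;Cured.;
"""

# "<path> Infected: <detection name> <action>"; locked files and the archive
# summary lines ("NSIS: infected - 3") are not per-file detections.
KAV_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
RESTORE_MARK = "\\system volume information\\_restore"


def parse_kav(text):
    """Return {lower-cased path: (detection name, action)} for 'Infected:' lines."""
    hits = {}
    for line in text.splitlines():
        m = KAV_RE.match(line.strip())
        if m:
            hits[m["path"].lower()] = (m["name"], m["action"])
    return hits


def parse_drweb(text):
    """Return {lower-cased path: (threat, action)} from DrWeb.csv rows
    laid out as file;directory;threat;action;. An empty action means the
    file was only reported, not cured, moved or deleted."""
    hits = {}
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 4 or not parts[0]:
            continue
        name, directory, threat, action = parts[:4]
        path = directory.rstrip("\\").lower() + "\\" + name.lower()
        hits[path] = (threat, action or "reported only")
    return hits


def correlate(kav, drweb):
    """Merge both reports by path; None where a scanner did not list the file."""
    return {p: {"kaspersky": kav.get(p), "drweb": drweb.get(p)}
            for p in set(kav) | set(drweb)}


def cured_patched_binaries(merged):
    """Files Kaspersky called Trojan.Win32.Patched.* that Dr.Web reports cured.
    A 'cure' here is an in-place repair of an OS executable, so these are the
    files whose integrity is worth confirming once the machine is clean."""
    return sorted(p for p, r in merged.items()
                  if r["kaspersky"] and r["kaspersky"][0].startswith("Trojan.Win32.Patched")
                  and r["drweb"] and r["drweb"][1].startswith("Cured"))


def restore_point_hits(kav):
    """Detections inside System Restore snapshots. The online scanner only
    reports them, so they stay until the restore points are flushed."""
    return sorted(p for p in kav if RESTORE_MARK in p)


def drweb_only(merged):
    """Files Dr.Web listed that Kaspersky did not (here, the adware components)."""
    return sorted(p for p, r in merged.items() if r["drweb"] and not r["kaspersky"])


if __name__ == "__main__":
    kav, dw = parse_kav(KAV_LOG), parse_drweb(DRWEB_CSV)
    merged = correlate(kav, dw)
    for label, rows in (("Patched OS binaries reported cured", cured_patched_binaries(merged)),
                        ("Detections left in restore points", restore_point_hits(kav)),
                        ("Listed by Dr.Web only", drweb_only(merged))):
        print(f"\n{label}:")
        for p in rows:
            print("  ", p, merged[p])
```

Joining on the lower-cased full path is what makes the two formats comparable: Kaspersky prints one path per line, Dr.Web splits file name and directory into separate CSV columns, and Windows paths are case-insensitive.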
