Redirect and Pop Up Virus

December 5, 2009 at 13:20:17
Specs: Windows XP Media Center Edition SP3, 1.73 GHz, 0.99 GB of RAM
I believe that I have the same virus as a few of the other posters on this forum. Every time I'm on a webpage or a specific search engine and click on a link I get redirected to another search engine or some weird site. I've been redirected to google, bing, searchnet, etc. Also I have an extremely bad pop-up problem that I never had before; my pop-up blocker has always worked in the past. I've tried deleting cookies, and my malware software is not loading at all. Please help!

#1
December 5, 2009 at 18:03:37
Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch the program.
2. (Vista users only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply. It may take 3 to 4 posts to get the entire log to us.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.


#2
December 5, 2009 at 19:59:02
The Win32KDiag.exe log displays nothing.

The RSIT.exe 1st log displays as follows:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cherri at 2009-12-05 22:50:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 388 MB (0%) free of 114 GB
Total RAM: 1014 MB (3% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:59 PM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cherri\Desktop\RSIT.exe
C:\Program Files\trend micro\Cherri.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=m...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe xbwg.oko xugptq
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [1060361796] C:\Documents and Settings\All Users\Application Data\1060361796\1060361796.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [serisejeh] Rundll32.exe "c:\windows\system32\voforifo.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MS Antivirus\MSA.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Videohost] C:\DOCUME~1\Cherri\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Cherri\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.nickjr.com/playtime/shows/dora/games/dora_pyramid.jhtml"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe


#3
December 5, 2009 at 20:00:30
1st log cont...

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Po...
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartAc...
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/Slide...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/g...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/...
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls...
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/...
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram1.vcu.edu/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40255345-30A1-468A-93FC-34E33C9F11F1}: NameServer = 193.104.110.38,4.2.2.1,68.87.73.242 68.87.71.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{98BAC252-FDE3-4BB0-8104-D3A86951A0E2}: NameServer = 193.104.110.38,4.2.2.1
O20 - AppInit_DLLs: c:\windows\system32\minipire.dll wonudaya.dll c:\windows\system32\voforifo.dll
O20 - Winlogon Notify: __c007EE5C - C:\WINDOWS\system32\__c007EE5C.dat
O21 - SSODL: zezihiniz - {45c48922-0c64-43d8-a7e1-8e343151d1c6} - c:\windows\system32\minipire.dll (file missing)
O21 - SSODL: hodubedoz - {08f43139-f058-4563-9b85-c7e572427b80} - c:\windows\system32\voforifo.dll
O22 - SharedTaskScheduler: mujuzedij - {45c48922-0c64-43d8-a7e1-8e343151d1c6} - c:\windows\system32\minipire.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {08f43139-f058-4563-9b85-c7e572427b80} - c:\windows\system32\voforifo.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Windows Management Instrumentation winmgmtsrservice (winmgmtsrservice) - Unknown owner - C:\WINDOWS\system32\ahuip.exe

--
End of file - 19130 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\hiyxcbhv.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0B58B6CD-A2B4-4451-939A-2478111FF7CB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-03 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-16 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-03 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-06-01 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-12 53248]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf []
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"CFSServ.exe"=CFSServ.exe -NoClient []
"1060361796"=C:\Documents and Settings\All Users\Application Data\1060361796\1060361796.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-01 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe [2009-11-18 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"calc"=C:\WINDOWS\system32\calc.dll [2009-03-21 24064]
"serisejeh"=c:\windows\system32\voforifo.dll [2009-12-05 93184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Antivirus"=C:\Program Files\MS Antivirus\MSA.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-17 39408]
"Videohost"=C:\DOCUME~1\Cherri\LOCALS~1\Temp\c.exe []
"calc"=C:\DOCUME~1\Cherri\ntuser.dll [2009-03-21 24064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Cherri\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
PowerReg Scheduler V3.exe
..
..


#4
December 5, 2009 at 20:01:45
1st log cont...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\minipire.dll wonudaya.dll c:\windows\system32\voforifo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007EE5C]
C:\WINDOWS\system32\__c007EE5C.dat [2009-12-05 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
zezihiniz - {45c48922-0c64-43d8-a7e1-8e343151d1c6} - c:\windows\system32\minipire.dll []
hodubedoz - {08f43139-f058-4563-9b85-c7e572427b80} - c:\windows\system32\voforifo.dll [2009-12-05 93184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
mujuzedij - {45c48922-0c64-43d8-a7e1-8e343151d1c6} - c:\windows\system32\minipire.dll []
jugezatag - {08f43139-f058-4563-9b85-c7e572427b80} - c:\windows\system32\voforifo.dll [2009-12-05 93184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
nagosepa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\FastNetSrv.exe"="C:\WINDOWS\system32\FastNetSrv.exe:*:Enabled:FastNetSrv"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsm32.sys"="C:\WINDOWS\system32\lsm32.sys:*:Enabled:lsm32"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE"
"C:\Program Files\McAfee.com\Agent\mcupdate.exe"="C:\Program Files\McAfee.com\Agent\mcupdate.exe:*:Enabled:McUpdate"
"C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe:*:Enabled:TosBtMng"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18391f90-33fb-11dd-9e0b-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-12-05 22:50:44 ----D---- C:\Program Files\trend micro
2009-12-05 22:50:42 ----D---- C:\rsit
2009-12-05 06:54:05 ----SH---- C:\WINDOWS\system32\wahijisa.dll
2009-12-05 06:54:05 ----SH---- C:\WINDOWS\system32\voforifo.dll
2009-12-05 06:54:00 ----SH---- C:\WINDOWS\system32\nurorobo.dll
2009-12-04 20:49:26 ----A---- C:\WINDOWS\system32\__c0088ABE.exe
2009-12-04 16:13:52 ----A---- C:\wxiuk.exe
2009-12-04 16:13:52 ----A---- C:\qfbtcf.exe
2009-12-04 16:13:45 ----A---- C:\umvoku.exe
2009-12-04 16:13:44 ----A---- C:\wpbitj.exe
2009-11-30 17:13:55 ----D---- C:\Program Files\MSN Toolbar
2009-11-30 17:12:50 ----D---- C:\Program Files\MSN Toolbar Installer
2009-11-26 09:19:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-26 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-23 17:47:31 ----A---- C:\WINDOWS\ModemLog_Motorola iDEN USB Modem.txt
2009-11-22 20:15:54 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-11-20 05:46:49 ----D---- C:\Program Files\iPod
2009-11-20 05:46:43 ----D---- C:\Program Files\iTunes
2009-11-20 05:46:43 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 05:45:09 ----D---- C:\Program Files\Bonjour
2009-11-20 05:43:52 ----D---- C:\Program Files\QuickTime
2009-11-20 05:41:21 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-11-16 21:41:34 ----D---- C:\WINDOWS\ie8updates
2009-11-16 21:35:59 ----HDC---- C:\WINDOWS\ie8
2009-11-11 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-09 15:33:59 ----D---- C:\Program Files\Microsoft
2009-11-09 15:33:39 ----D---- C:\Program Files\Microsoft Silverlight
2009-11-09 15:32:21 ----D---- C:\Program Files\Nick Jr. Arcade
2009-11-02 22:26:28 ----A---- C:\WINDOWS\system32\dsetup.dll
2009-11-02 22:24:39 ----D---- C:\Program Files\HOTLLAMA Media
2009-10-20 15:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-20 15:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-20 15:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-20 14:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-20 14:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-20 14:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-20 14:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-20 14:50:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-20 14:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-20 14:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-08 08:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-06 19:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-06 19:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-06 19:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-06 19:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-10-06 19:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-10 07:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-10 07:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-10 07:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-10 07:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-10 07:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-10 07:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-10 07:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 3 months======

2009-12-05 22:50:44 ----D---- C:\Program Files
2009-12-05 22:50:23 ----D---- C:\WINDOWS\Prefetch
2009-12-05 21:27:06 ----D---- C:\WINDOWS\Temp
2009-12-05 19:36:27 ----AD---- C:\WINDOWS\system32
2009-12-05 17:02:35 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2009-12-05 15:04:32 ----D---- C:\Documents and Settings\Cherri\Application Data\LimeWire
2009-12-05 11:12:06 ----D---- C:\WINDOWS\system32\..
2009-12-05 11:12:06 ----D---- C:\WINDOWS
2009-12-05 11:11:56 ----HD---- C:\WINDOWS\inf
2009-12-05 11:10:10 ----D---- C:\WINDOWS\Registration
2009-12-05 11:10:10 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-12-05 11:09:57 ----D---- C:\WINDOWS\system32\DLA
2009-12-05 11:08:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-05 08:33:47 ----D---- C:\Program Files\LimeWire
2009-12-05 06:54:06 ----SD---- C:\WINDOWS\Tasks
2009-12-05 04:19:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-04 16:24:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-04 16:17:29 ----D---- C:\WINDOWS\system32\Restore
2009-12-03 20:08:08 ----SHD---- C:\WINDOWS\Installer
2009-12-03 18:17:04 ----D---- C:\WINDOWS\network diagnostic
2009-12-01 09:31:42 ----HD---- C:\Config.Msi
2009-12-01 09:23:49 ----SHD---- C:\RECYCLER
2009-11-30 17:13:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-30 17:13:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-26 09:19:01 ----AD---- C:\WINDOWS\system32\drivers
2009-11-26 03:02:29 ----A---- C:\WINDOWS\imsins.BAK
2009-11-26 03:02:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-26 03:01:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-26 03:01:09 ----D---- C:\WINDOWS\WinSxS
2009-11-23 18:05:31 ----D---- C:\Documents and Settings\Cherri\Application Data\ZoomBrowser EX
2009-11-23 18:05:31 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2009-11-23 16:01:11 ----D---- C:\Documents and Settings
2009-11-20 16:12:40 ----D---- C:\Documents and Settings\Cherri\Application Data\Apple Computer
2009-11-20 05:47:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-20 05:46:47 ----D---- C:\Program Files\Common Files\Apple
2009-11-20 05:36:06 ----D---- C:\Program Files\Safari
2009-11-18 21:29:28 ----D---- C:\Program Files\McAfee
2009-11-18 07:31:35 ----AC---- C:\WINDOWS\iis6.BAK
2009-11-16 21:48:51 ----D---- C:\WINDOWS\system32\en-US
2009-11-16 21:48:50 ----D---- C:\WINDOWS\Media
2009-11-16 21:48:50 ----D---- C:\WINDOWS\Help
2009-11-16 21:48:50 ----D---- C:\Program Files\Internet Explorer
2009-11-16 19:12:55 ----D---- C:\WINDOWS\system32\wbem
2009-11-16 19:12:55 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-15 20:16:48 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-11-11 11:00:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-11 09:39:50 ----D---- C:\Program Files\Java
2009-11-11 09:31:14 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-11-11 09:30:34 ----D---- C:\Program Files\Yahoo!
2009-11-11 03:06:24 ----A---- C:\WINDOWS\win.ini
2009-10-28 10:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-21 12:01:20 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-21 12:01:16 ----D---- C:\Program Files\Common Files\McAfee
2009-10-21 11:44:29 ----D---- C:\Program Files\support.com
2009-10-21 11:41:37 ----D---- C:\Program Files\The Learning Company
2009-10-20 15:29:32 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-20 15:29:27 ----RSD---- C:\WINDOWS\assembly
2009-10-20 14:58:41 ----D---- C:\WINDOWS\ie7updates
2009-10-20 14:51:53 ----D---- C:\Program Files\Microsoft Works
2009-10-15 10:28:27 ----D---- C:\Program Files\AVS4YOU
2009-10-15 10:28:10 ----D---- C:\Program Files\Common Files\AVSMedia
2009-10-06 19:21:33 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-06 19:17:27 ----D---- C:\WINDOWS\ehome
2009-09-11 09:18:39 ----A---- C:\WINDOWS\system32\msv1_0.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-01-19 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winmes;winmes; \??\C:\WINDOWS\system32\winmes.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Network Security; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BtwSrv;BtwSrv; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 fastnetsrv;fastnetsrv Service; C:\WINDOWS\system32\FastNetSrv.exe [2004-08-10 47104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-01 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-09-17 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S2 winmgmtsrservice;Windows Management Instrumentation winmgmtsrservice; C:\WINDOWS\system32\ahuip.exe [2008-04-13 60928]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-05 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



#5
December 5, 2009 at 20:03:55
The following is from the info log...

info.txt logfile of random's system information tool 1.06 2009-12-05 22:52:03

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Dora's Lost and Found Adventure-->C:\PROGRA~1\NICKJR~1.ARC\DORA'S~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\DORA'S~1\INSTALL.LOG
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LimeWire 5.1.4-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN Toolbar Platform-->MsiExec.exe /I{2B4508B3-7403-44FF-8FBC-5CCD032E3635}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Wiley CPA Examination Review-->C:\PROGRA~1\Wiley\CPAExam\UNWISE.EXE C:\PROGRA~1\Wiley\CPAExam\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winnie the Pooh Toddler-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520E8334-F4F7-4DB5-AA74-E610CB19E59A}\setup.exe" -l0x9

======Security center information======

AV: McAfee VirusScan Online (disabled) (outdated)

======System event log======

Computer Name: CHERRIBERRY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302809176. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 128091
Source Name: Dhcp
Time Written: 20091129083608.000000-300
Event Type: warning
User:

Computer Name: CHERRIBERRY
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 128064
Source Name: Tcpip
Time Written: 20091129003611.000000-300
Event Type: warning
User:

Computer Name: CHERRIBERRY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302809176. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 128057
Source Name: Dhcp
Time Written: 20091128215231.000000-300
Event Type: warning
User:

Computer Name: CHERRIBERRY
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 001302809176. The following error
occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 128056
Source Name: Dhcp
Time Written: 20091128212228.000000-300
Event Type: error
User:

Computer Name: CHERRIBERRY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302809176. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 128047
Source Name: Dhcp
Time Written: 20091128202614.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: CHERRIBERRY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 35823
Source Name: crypt32
Time Written: 20090721163546.000000-240
Event Type: error
User:

Computer Name: CHERRIBERRY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 35822
Source Name: crypt32
Time Written: 20090721163546.000000-240
Event Type: error
User:

Computer Name: CHERRIBERRY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 35821
Source Name: crypt32
Time Written: 20090721163546.000000-240
Event Type: error
User:

Computer Name: CHERRIBERRY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 35820
Source Name: crypt32
Time Written: 20090721163546.000000-240
Event Type: error
User:

Computer Name: CHERRIBERRY
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 35819
Source Name: crypt32
Time Written: 20090721163546.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



#6
December 5, 2009 at 20:49:56
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Remember: your McAfee antivirus, and any antispyware (no need to disable Malwarebytes), must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#7
December 5, 2009 at 20:52:35
The following is from the Gmer.exe log...

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-05 23:44:06
Windows 5.1.2600 Service Pack 3
Running: xgdt6ksg.exe; Driver: C:\DOCUME~1\Cherri\LOCALS~1\Temp\pxtyquoc.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6888EBF]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[112] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00F82A5E; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[112] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00F81BCE; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[112] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00F81B9A; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[112] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00F81B03; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[112] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00F81B2B; RET
.text C:\WINDOWS\system32\rundll32.exe[304] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00CB2A5E; RET
.text C:\WINDOWS\system32\rundll32.exe[304] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00CB1BCE; RET
.text C:\WINDOWS\system32\rundll32.exe[304] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00CB1B9A; RET
.text C:\WINDOWS\system32\rundll32.exe[304] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00CB1B03; RET
.text C:\WINDOWS\system32\rundll32.exe[304] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00CB1B2B; RET
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[432] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00EE2A5E; RET
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[432] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00EE1BCE; RET
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[432] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00EE1B9A; RET
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[432] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00EE1B03; RET
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[432] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00EE1B2B; RET
.text C:\WINDOWS\AGRSMMSG.exe[452] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00F32A5E; RET
.text C:\WINDOWS\AGRSMMSG.exe[452] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00F31BCE; RET
.text C:\WINDOWS\AGRSMMSG.exe[452] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00F31B9A; RET
.text C:\WINDOWS\AGRSMMSG.exe[452] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00F31B03; RET
.text C:\WINDOWS\AGRSMMSG.exe[452] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00F31B2B; RET
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[652] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 02CD2A5E; RET
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[652] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 02CD1BCE; RET
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[652] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 02CD1B9A; RET
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[652] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 02CD1B03; RET
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[652] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 02CD1B2B; RET
.text C:\Program Files\LimeWire\LimeWire.exe[700] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 04172A5E; RET
.text C:\Program Files\LimeWire\LimeWire.exe[700] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 04171BCE; RET
.text C:\Program Files\LimeWire\LimeWire.exe[700] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 04171B9A; RET
.text C:\Program Files\LimeWire\LimeWire.exe[700] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 04171B03; RET
.text C:\Program Files\LimeWire\LimeWire.exe[700] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 04171B2B; RET
.text C:\WINDOWS\system32\TDispVol.exe[1332] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00FC2A5E; RET
.text C:\WINDOWS\system32\TDispVol.exe[1332] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00FC1BCE; RET
.text C:\WINDOWS\system32\TDispVol.exe[1332] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00FC1B9A; RET
.text C:\WINDOWS\system32\TDispVol.exe[1332] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00FC1B03; RET
.text C:\WINDOWS\system32\TDispVol.exe[1332] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00FC1B2B; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[1460] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00EA2A5E; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[1460] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00EA1BCE; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[1460] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00EA1B9A; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[1460] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00EA1B03; RET
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[1460] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00EA1B2B; RET
? C:\WINDOWS\System32\svchost.exe[1488] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: MFC42.DLLunknown module: OLEAUT32.dll
.text C:\WINDOWS\system32\igfxtray.exe[1548] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00F62A5E; RET
.text C:\WINDOWS\system32\igfxtray.exe[1548] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00F61BCE; RET
.text C:\WINDOWS\system32\igfxtray.exe[1548] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00F61B9A; RET
.text C:\WINDOWS\system32\igfxtray.exe[1548] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00F61B03; RET
.text C:\WINDOWS\system32\igfxtray.exe[1548] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00F61B2B; RET
.text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00E92A5E; RET
.text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00E91BCE; RET
.text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00E91B9A; RET
.text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00E91B03; RET
.text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00E91B2B; RET
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1728] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 014F2A5E; RET
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1728] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 014F1BCE; RET
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1728] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 014F1B9A; RET
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1728] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 014F1B03; RET
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1728] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 014F1B2B; RET
.text C:\WINDOWS\eHome\ehmsas.exe[1852] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00D52A5E; RET
.text C:\WINDOWS\eHome\ehmsas.exe[1852] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00D51BCE; RET
.text C:\WINDOWS\eHome\ehmsas.exe[1852] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00D51B9A; RET
.text C:\WINDOWS\eHome\ehmsas.exe[1852] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00D51B03; RET
.text C:\WINDOWS\eHome\ehmsas.exe[1852] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00D51B2B; RET
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[1928] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00FD2A5E; RET
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[1928] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00FD1BCE; RET
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[1928] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00FD1B9A; RET
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[1928] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00FD1B03; RET
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[1928] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00FD1B2B; RET
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2076] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 01052A5E; RET
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2076] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 01051BCE; RET
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2076] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 01051B9A; RET
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2076] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 01051B03; RET
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2076] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 01051B2B; RET
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2124] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 01232A5E; RET
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2124] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 01231BCE; RET
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2124] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 01231B9A; RET
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2124] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 01231B03; RET
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2124] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 01231B2B; RET
.text C:\Program Files\QuickTime\QTTask.exe[2296] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 015C2A5E; RET
.text C:\Program Files\QuickTime\QTTask.exe[2296] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 015C1BCE; RET
.text C:\Program Files\QuickTime\QTTask.exe[2296] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 015C1B9A; RET
.text C:\Program Files\QuickTime\QTTask.exe[2296] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 015C1B03; RET
.text C:\Program Files\QuickTime\QTTask.exe[2296] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 015C1B2B; RET
.text C:\WINDOWS\system32\RAMASST.exe[2848] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 010C2A5E; RET
.text C:\WINDOWS\system32\RAMASST.exe[2848] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 010C1BCE; RET
.text C:\WINDOWS\system32\RAMASST.exe[2848] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 010C1B9A; RET
.text C:\WINDOWS\system32\RAMASST.exe[2848] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 010C1B03; RET
.text C:\WINDOWS\system32\RAMASST.exe[2848] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 010C1B2B; RET
.text C:\WINDOWS\Explorer.exe[2860] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 01392A5E; RET
.text C:\WINDOWS\Explorer.exe[2860] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 01391BCE; RET
.text C:\WINDOWS\Explorer.exe[2860] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 01391B9A; RET
.text C:\WINDOWS\Explorer.exe[2860] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 01391B03; RET
.text C:\WINDOWS\Explorer.exe[2860] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 01391B2B; RET
.text C:\WINDOWS\system32\ctfmon.exe[2948] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00F32A5E; RET
.text C:\WINDOWS\system32\ctfmon.exe[2948] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00F31BCE; RET
.text C:\WINDOWS\system32\ctfmon.exe[2948] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00F31B9A; RET
.text C:\WINDOWS\system32\ctfmon.exe[2948] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00F31B03; RET
.text C:\WINDOWS\system32\ctfmon.exe[2948] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00F31B2B; RET
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3004] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 013A2A5E; RET
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3004] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 013A1BCE; RET
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3004] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 013A1B9A; RET
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3004] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 013A1B03; RET
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3004] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 013A1B2B; RET

#8
December 5, 2009 at 20:54:26
gmer.exe log cont'd...

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 87314618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DA8248E22DC6130419A6C39FBB2FED9C\Usage@Unload 998590752

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


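The GMER output above reports sectors 26 through 63 of \Device\Harddisk0\DR0 as copies of the MBR, several of them with "rootkit-like behavior", alongside a modified atapi.sys. The sectors between the MBR and the first partition (LBA 1 to 62 on a disk whose first partition starts at LBA 63) should be empty, so copies of the MBR there are a strong sign that sector 0 has been replaced and the original was parked nearby. The script below is an added example, not part of the thread and not GMER's code: it performs the equivalent check on a raw disk image, distinguishing exact copies of the live MBR from a saved original (same partition table, different boot code) and from other unexpected data. The 64-sector sample image, the partition start at LBA 63 and the boot-code byte patterns are constructed assumptions for the demonstration.

```python
"""Look for copies of the MBR in the gap before the first partition.

Added example, not from the thread above and not GMER's code. GMER reported
"copy of MBR" for sectors 26-63 of \\Device\\Harddisk0\\DR0 and flagged
atapi.sys as modified. On a classic MBR disk the first partition starts at
LBA 63, so sectors 1-62 are normally zero; a bootkit that overwrites sector 0
typically parks the original MBR and its own loader in that gap. This script
reproduces the check on a raw image (or a device such as /dev/sda or
\\\\.\\PhysicalDrive0 opened with administrative rights).
"""
import struct
import sys

SECTOR = 512
PT_OFFSET = 0x1BE              # 64-byte partition table at byte 446
SIG = b"\x55\xaa"


def partition_table(sector):
    return sector[PT_OFFSET:PT_OFFSET + 64]


def first_partition_lba(mbr):
    """Lowest non-zero start LBA among the four primary entries, or None."""
    starts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        ptype, start = entry[4], struct.unpack_from("<I", entry, 8)[0]
        if ptype and start:
            starts.append(start)
    return min(starts) if starts else None


def classify_gap_sectors(image):
    """Map sector number -> label for every non-empty sector between MBR and first partition.

    'copy of MBR'         byte-for-byte copy of the current sector 0
    'saved original MBR'  boot signature and identical partition table but different boot code
                          (what a bootkit keeps so it can chain-load the real MBR)
    'unexpected code'     anything else non-zero in a region that should be empty
    """
    mbr = image[:SECTOR]
    if mbr[510:512] != SIG:
        raise ValueError("sector 0 has no 55AA boot signature")
    gap_end = min(first_partition_lba(mbr) or 63, len(image) // SECTOR)
    labels = {}
    for s in range(1, gap_end):
        sec = image[s * SECTOR:(s + 1) * SECTOR]
        if sec == mbr:
            labels[s] = "copy of MBR"
        elif sec[510:512] == SIG and partition_table(sec) == partition_table(mbr):
            labels[s] = "saved original MBR"
        elif any(sec):
            labels[s] = "unexpected code"
    return labels


def build_sample_image():
    """Constructed 64-sector image (not real disk data) shaped like the GMER findings."""
    def make_mbr(boot_code):
        table = bytearray(64)
        # entry 0: active, type 0x07, dummy CHS fields, start LBA 63, 1,000,000 sectors
        struct.pack_into("<BBBBBBBBII", table, 0,
                         0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 1_000_000)
        return boot_code + bytes(PT_OFFSET - len(boot_code)) + bytes(table) + SIG

    original = make_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" * 10)   # stand-in for stock boot code
    infected = make_mbr(b"\xeb\x3e" + b"\x90" * 30)             # stand-in for a loader stub
    sectors = [bytes(SECTOR)] * 64
    sectors[0] = infected
    for s in (26, 27, 28):
        sectors[s] = infected                                    # copies of the live (infected) MBR
    sectors[29] = b"\xe8\x00\x00" + b"\xcc" * (SECTOR - 3)       # loader body, no signature
    sectors[62] = original                                       # original MBR kept for chain-loading
    return b"".join(sectors)


def scan(path, sectors=64):
    """Read the first `sectors` sectors of a device or image file and classify the gap."""
    with open(path, "rb") as f:
        return classify_gap_sectors(f.read(sectors * SECTOR))


if __name__ == "__main__":
    result = scan(sys.argv[1]) if len(sys.argv) > 1 else classify_gap_sectors(build_sample_image())
    for s in sorted(result):
        print(f"sector {s:3d}: {result[s]}")
```

Run it with no arguments to see the constructed case, or pass a path to a raw image taken from the affected disk. A clean disk yields no labels at all; the "saved original MBR" label is the one worth acting on first, since it is the copy you would restore over sector 0 after confirming its boot code matches a known-good MBR.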

#9
December 5, 2009 at 21:02:14
exehelper log #1...


exeHelper by Raktor
Build 20091204
Run at 00:00:05 on 12/06/09
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1060361796
Checking for sysguard processes...
Checking for bad processes...
Killed process opeia.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\BtwSrv.dll
Error deleting C:\WINDOWS\system32\BtwSrv.dll - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\calc.dll
Error deleting C:\WINDOWS\system32\calc.dll - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\lsm32.sys
Error deleting C:\WINDOWS\system32\lsm32.sys - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\opeia.exe
Deleting file C:\Documents and Settings\Cherri\Start Menu\Programs\Startup\scandisk.dll
Deleting file C:\Documents and Settings\Cherri\Start Menu\Programs\Startup\scandisk.lnk
Deleting file C:\Documents and Settings\Cherri\ntuser.dll
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



#10
December 5, 2009 at 21:05:06
exehelper log #2...

exeHelper by Raktor
Build 20091204
Run at 00:00:05 on 12/06/09
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1060361796
Checking for sysguard processes...
Checking for bad processes...
Killed process opeia.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\BtwSrv.dll
Error deleting C:\WINDOWS\system32\BtwSrv.dll - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\calc.dll
Error deleting C:\WINDOWS\system32\calc.dll - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\lsm32.sys
Error deleting C:\WINDOWS\system32\lsm32.sys - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\opeia.exe
Deleting file C:\Documents and Settings\Cherri\Start Menu\Programs\Startup\scandisk.dll
Deleting file C:\Documents and Settings\Cherri\Start Menu\Programs\Startup\scandisk.lnk
Deleting file C:\Documents and Settings\Cherri\ntuser.dll
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20091204
Run at 00:05:06 on 12/06/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\BtwSrv.dll
Error deleting C:\WINDOWS\system32\BtwSrv.dll - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\calc.dll
Error deleting C:\WINDOWS\system32\calc.dll - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\lsm32.sys
Error deleting C:\WINDOWS\system32\lsm32.sys - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\WINDOWS\system32\opeia.exe
Deleting file C:\Documents and Settings\Cherri\Start Menu\Programs\Startup\scandisk.dll
Deleting file C:\Documents and Settings\Cherri\Start Menu\Programs\Startup\scandisk.lnk
Deleting file C:\Documents and Settings\Cherri\ntuser.dll
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



#11
December 5, 2009 at 22:13:45
C:\combo-fix.txt log...

ComboFix 09-12-05.03 - Cherri 12/06/2009 0:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.662 [GMT -5:00]
Running from: c:\documents and settings\Cherri\Desktop\combofix.exe
AV: McAfee VirusScan Online *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Cherri\My Documents\ZbThumbnail.info
c:\documents and settings\Cherri\ntuser.dll
c:\documents and settings\Cherri\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Cherri\Start Menu\Programs\Startup\scandisk.lnk
c:\recycler\S-1-5-21-3868997124-911790988-508925577-500
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Install.txt
c:\windows\kb913800.exe
c:\windows\system32\__c007EE5C.dat
c:\windows\system32\__c0088ABE.exe
c:\windows\system32\2518074087.dat
c:\windows\system32\6to4v32.dll
c:\windows\system32\ahuip.exe
c:\windows\system32\BtwSrv.dll
c:\windows\system32\calc.dll
c:\windows\system32\certstore.dat
c:\windows\system32\dutewene.dll
c:\windows\system32\FastNetSrv.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\kovoveru.dll
c:\windows\system32\lsm32.sys
c:\windows\system32\nagosepa.dll
c:\windows\system32\nobusuni.dll
c:\windows\system32\nurorobo.dll
c:\windows\system32\nutarezu.dll
c:\windows\system32\opeia.exe
c:\windows\system32\popoyiso.dll
c:\windows\system32\retoseti.dll
c:\windows\system32\sijoluja.dll
c:\windows\system32\sizagadi.dll
c:\windows\system32\vofomeru.dll
c:\windows\system32\voforifo.dll
c:\windows\system32\winmes.sys
c:\windows\system32\wmdtc.exe
c:\windows\system32\wonudaya.dll
c:\windows\Tasks\hiyxcbhv.job
c:\windows\TEMP\mta13187.dll
C:\xcrashdump.dat

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_SSHNAS
-------\Legacy_WINMGMTSRSERVICE
-------\Service_6to4
-------\Service_BtwSrv
-------\Service_fastnetsrv
-------\Service_winmgmtsrservice
-------\Legacy_winmes
-------\Service_winmes


((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 03:50 . 2009-12-06 03:51 -------- d-----w- c:\program files\trend micro
2009-12-06 03:50 . 2009-12-06 03:52 -------- d-----w- C:\rsit
2009-12-05 11:54 . 2009-12-05 11:54 62464 --sh--w- c:\windows\system32\wahijisa.dll
2009-12-05 01:51 . 2009-12-05 01:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 22:49 . 2009-12-04 22:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-04 21:13 . 2009-12-04 21:13 155648 ----a-w- C:\qfbtcf.exe
2009-12-04 21:13 . 2009-12-04 21:13 30206 ----a-w- C:\wxiuk.exe
2009-12-04 21:13 . 2009-12-04 21:13 51712 ----a-w- C:\umvoku.exe
2009-12-04 21:13 . 2009-12-04 21:13 53248 ----a-w- C:\wpbitj.exe
2009-12-01 14:31 . 2009-12-01 14:32 -------- d-----w- c:\documents and settings\Everybody\Application Data\Apple Computer
2009-12-01 14:26 . 2009-12-01 14:26 -------- d-sh--w- c:\documents and settings\Everybody\IECompatCache
2009-12-01 14:22 . 2009-12-01 14:22 -------- d-----w- c:\documents and settings\Everybody\Application Data\Malwarebytes
2009-11-30 22:13 . 2009-11-30 22:13 -------- d-----w- c:\program files\MSN Toolbar
2009-11-30 22:12 . 2009-11-30 22:14 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-11-26 14:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-26 14:19 . 2009-12-04 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-26 14:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 21:01 . 2009-11-23 21:01 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Microsoft
2009-11-21 23:22 . 2009-12-03 14:26 -------- d-----w- c:\documents and settings\Everybody\Application Data\COMCASTTOOLBAR
2009-11-21 23:12 . 2009-11-21 23:12 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\HP
2009-11-21 23:11 . 2009-11-21 23:11 -------- d-sh--w- c:\documents and settings\Everybody\PrivacIE
2009-11-21 23:11 . 2009-12-02 18:14 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\Apple Computer
2009-11-21 23:11 . 2009-11-21 23:11 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\Toshiba
2009-11-21 23:09 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\Everybody\Application Data\You've Got Pictures Screensaver
2009-11-20 10:46 . 2009-11-20 10:46 -------- d-----w- c:\program files\iPod
2009-11-20 10:46 . 2009-11-20 10:47 -------- d-----w- c:\program files\iTunes
2009-11-20 10:46 . 2009-11-20 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 10:45 . 2009-11-20 10:45 -------- d-----w- c:\program files\Bonjour
2009-11-20 10:43 . 2009-11-20 10:44 -------- d-----w- c:\program files\QuickTime
2009-11-20 10:41 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-20 10:41 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-20 10:38 . 2009-11-20 10:38 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-20 10:33 . 2009-11-20 10:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-18 12:55 . 2009-11-18 12:55 -------- d-sh--w- c:\documents and settings\thias\IETldCache
2009-11-17 22:11 . 2009-11-17 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
2009-11-17 02:55 . 2009-11-17 02:55 -------- d-sh--w- c:\documents and settings\Cherri\IECompatCache
2009-11-17 02:51 . 2009-11-17 02:51 -------- d-sh--w- c:\documents and settings\Cherri\PrivacIE
2009-11-17 02:49 . 2009-11-17 02:49 -------- d-sh--w- c:\documents and settings\Cherri\IETldCache
2009-11-17 02:49 . 2009-11-17 02:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-17 02:41 . 2009-11-18 12:31 -------- d-----w- c:\windows\ie8updates
2009-11-17 02:35 . 2009-11-17 02:38 -------- dc-h--w- c:\windows\ie8
2009-11-17 02:33 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-17 02:33 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-17 02:33 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\HP
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\Apple Computer
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\Toshiba
2009-11-10 22:40 . 2009-11-23 21:09 79488 ----a-w- c:\documents and settings\Cherri\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-09 20:33 . 2009-11-30 22:13 -------- d-----w- c:\program files\Microsoft
2009-11-09 20:33 . 2009-11-09 20:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-09 20:32 . 2009-11-30 22:12 -------- d-----w- c:\program files\Nick Jr. Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 05:55 . 2007-06-13 14:54 -------- d-----w- c:\documents and settings\Cherri\Application Data\LimeWire
2009-12-05 13:33 . 2008-11-04 08:57 -------- d-----w- c:\program files\LimeWire
2009-12-04 21:24 . 2007-07-02 17:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-23 23:05 . 2008-05-21 17:34 -------- d-----w- c:\documents and settings\Cherri\Application Data\ZoomBrowser EX
2009-11-23 23:05 . 2008-05-21 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-23 21:02 . 2009-11-23 21:01 72592 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 21:02 . 2009-11-23 21:01 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-11-23 01:16 . 2009-11-23 01:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-11-23 01:16 . 2009-11-23 01:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-21 23:12 . 2009-11-21 23:10 72592 ----a-w- c:\documents and settings\Everybody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 23:11 . 2009-11-21 23:10 132 ----a-w- c:\documents and settings\Everybody\Local Settings\Application Data\fusioncache.dat
2009-11-20 21:12 . 2007-08-02 06:54 -------- d-----w- c:\documents and settings\Cherri\Application Data\Apple Computer
2009-11-20 10:46 . 2008-01-25 20:21 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 10:36 . 2008-09-10 14:27 -------- d-----w- c:\program files\Safari
2009-11-19 02:29 . 2008-09-02 10:39 -------- d-----w- c:\program files\McAfee
2009-11-16 01:23 . 2009-11-16 01:16 -------- d-----w- c:\documents and settings\thias\Application Data\toshiba
2009-11-16 01:17 . 2009-11-16 01:16 128 ----a-w- c:\documents and settings\thias\Local Settings\Application Data\fusioncache.dat
2009-11-14 04:43 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-11 14:39 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2009-11-11 14:31 . 2007-06-09 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-11 14:30 . 2006-02-16 10:14 -------- d-----w- c:\program files\Yahoo!
2009-11-03 03:24 . 2009-11-03 03:24 -------- d-----w- c:\program files\HOTLLAMA Media
2009-10-21 17:01 . 2008-09-02 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-21 17:01 . 2008-09-02 10:39 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-21 16:44 . 2007-02-07 00:02 -------- d-----w- c:\program files\support.com
2009-10-21 16:41 . 2007-03-23 00:04 -------- d-----w- c:\program files\The Learning Company
2009-10-20 19:51 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 15:28 . 2009-03-06 03:29 -------- d-----w- c:\program files\AVS4YOU
2009-10-15 15:28 . 2009-03-06 03:29 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-11 14:18 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-03-13 03:22 . 2007-03-13 03:22 251 -c--a-w- c:\program files\wt3d.ini
2009-09-06 00:36 . 2009-09-06 00:36 3 --sha-w- c:\windows\system32\barinoka.dll
2009-09-06 00:13 . 2009-09-06 00:13 3 --sha-w- c:\windows\system32\jarugimo.dll
2009-09-05 09:21 . 2009-09-05 09:21 53760 --sha-w- c:\windows\system32\kumutaje.dll
2009-09-06 00:13 . 2009-09-06 00:13 3 --sha-w- c:\windows\system32\liyilovu.dll
2009-09-05 09:19 . 2009-09-05 09:19 16384 --sha-w- c:\windows\system32\lodatopa.dll
2009-09-06 00:36 . 2009-09-06 00:36 3 --sha-w- c:\windows\system32\losiluso.dll
2009-09-06 00:36 . 2009-09-06 00:36 3 --sha-w- c:\windows\system32\rahuweru.dll
2009-09-06 00:13 . 2009-09-06 00:13 3 --sha-w- c:\windows\system32\rokataje.dll
2009-09-05 09:19 . 2009-09-05 09:19 53760 --sha-w- c:\windows\system32\sojamuli.dll
2009-09-06 00:36 . 2009-09-06 00:36 3 --sha-w- c:\windows\system32\wiboniza.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bf9d4ea-5cba-44b2-9f92-03430ceda92b}]
2009-09-05 09:21 53760 --sha-w- c:\windows\system32\kumutaje.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"CFSServ.exe"="CFSServ.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-01 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe" [2009-11-18 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Cherri\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-6-22 139776]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
PowerReg Scheduler V3.exe [2007-5-16 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe"=
"c:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\TosBtMng.exe"=

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {40255345-30A1-468A-93FC-34E33C9F11F1} = 193.104.110.38,4.2.2.1,68.87.73.242 68.87.71.226
TCP: {98BAC252-FDE3-4BB0-8104-D3A86951A0E2} = 193.104.110.38,4.2.2.1
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
HKLM-Run-tgcmd - c:\program files\Support.com\bin\tgcmd.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-serisejeh - c:\windows\system32\voforifo.dll
HKLM-Run-mogiluhehe - nagosepa.dll
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
SharedTaskScheduler-{45c48922-0c64-43d8-a7e1-8e343151d1c6} - c:\windows\system32\minipire.dll
SharedTaskScheduler-{08f43139-f058-4563-9b85-c7e572427b80} - c:\windows\system32\voforifo.dll
SSODL-zezihiniz-{45c48922-0c64-43d8-a7e1-8e343151d1c6} - c:\windows\system32\minipire.dll
SSODL-hodubedoz-{08f43139-f058-4563-9b85-c7e572427b80} - c:\windows\system32\voforifo.dll
SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 01:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5700)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\TDispVol.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-06 01:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 06:10

Pre-Run: 1,209,651,200 bytes free
Post-Run: 1,565,741,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - C8EA43544968EBCE17CAE99113B76422


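The ComboFix log above carries several indicators that are easy to miss when reading two thousand lines by eye: 3-byte .dll files in system32 with the system and hidden attributes set, eight-letter consonant/vowel names such as kumutaje.dll and barinoka.dll, executables dropped directly into C:\, a Browser Helper Object registered to one of those DLLs, and interface "TCP:" lines whose first DNS server differs from the rest. The script below is an added example, not part of the thread and not ComboFix's code: it parses lines in ComboFix's format and flags each of those patterns. The sample lines are taken from the log above (plus two benign entries for contrast); the list of expected DNS servers is an assumption the analyst supplies, and the name heuristic is exactly that, a heuristic.

```python
"""Triage a ComboFix log for the indicators seen in the thread above.

Added example, not part of the original post and not ComboFix's own code.
It reads ComboFix's text output and flags:
  * executables carrying the system+hidden attributes (printed as --sh..w-),
  * DLLs far too small to be a PE image (the 3-byte .dll entries),
  * executables dropped straight into the drive root (C:\\qfbtcf.exe),
  * 8-letter consonant/vowel names such as kumutaje.dll (a heuristic, not a rule),
  * DNS servers on a "TCP:" interface line that are not on the analyst's list
    (EXPECTED_DNS is an assumption supplied by whoever runs the triage),
  * Browser Helper Objects whose DLL is itself flagged.
"""
import re

FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S{8}) (.+)$")
BHO_HDR = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[^}]+\})\]$")
BHO_FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S{8} (.+)$")
DNS_LINE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")
ROOT_EXE = re.compile(r"[a-z]:\\[^\\]+\.exe")
VOWELS = set("aeiou")
EXEC_EXT = (".dll", ".exe", ".sys")

# Assumption: resolvers the machine's owner or ISP actually configured.
EXPECTED_DNS = {"4.2.2.1", "68.87.73.242", "68.87.71.226"}

# Lines copied from the ComboFix log above, plus mbam.sys and msv1_0.dll as benign contrast.
SAMPLE_LOG = r"""2009-12-05 11:54 . 2009-12-05 11:54 62464 --sh--w- c:\windows\system32\wahijisa.dll
2009-12-04 21:13 . 2009-12-04 21:13 155648 ----a-w- C:\qfbtcf.exe
2009-11-26 14:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 00:36 . 2009-09-06 00:36 3 --sha-w- c:\windows\system32\barinoka.dll
2009-09-05 09:21 . 2009-09-05 09:21 53760 --sha-w- c:\windows\system32\kumutaje.dll
2009-09-11 14:18 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bf9d4ea-5cba-44b2-9f92-03430ceda92b}]
2009-09-05 09:21 53760 --sha-w- c:\windows\system32\kumutaje.dll
TCP: {40255345-30A1-468A-93FC-34E33C9F11F1} = 193.104.110.38,4.2.2.1,68.87.73.242 68.87.71.226
"""


def looks_generated(path):
    """Heuristic: file stem is 8 lowercase letters strictly alternating consonant/vowel."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(stem) != 8 or not (stem.isalpha() and stem.islower()):
        return False
    kinds = [c in VOWELS for c in stem]
    return all(kinds[i] != kinds[i + 1] for i in range(7))


def file_reasons(size, attrs, path):
    """Return the list of reasons a file entry is suspicious (empty if none)."""
    low = path.lower()
    reasons = []
    # ComboFix attribute column layout: index 2 = system, index 3 = hidden
    if attrs[2] == "s" and attrs[3] == "h" and low.endswith(EXEC_EXT):
        reasons.append("hidden+system executable")
    if low.endswith(".dll") and size.isdigit() and int(size) < 1024:
        reasons.append(f"{size}-byte DLL cannot be a valid PE")
    if ROOT_EXE.fullmatch(low):
        reasons.append("executable in drive root")
    if low.endswith(EXEC_EXT) and looks_generated(low):
        reasons.append("generated-looking filename")
    return reasons


def triage(lines, expected_dns):
    """Walk ComboFix log lines; return flagged files, unexpected DNS servers and suspicious BHOs."""
    files, bhos, bad_dns = {}, [], []
    current_bho = None
    for line in lines:
        line = line.rstrip()
        if m := FILE_LINE.match(line):
            reasons = file_reasons(*m.groups())
            if reasons:
                files[m.group(3)] = reasons
        elif m := BHO_HDR.match(line):
            current_bho = m.group(1)
        elif current_bho and (m := BHO_FILE.match(line)):
            bhos.append((current_bho, m.group(1)))
            current_bho = None
        elif m := DNS_LINE.match(line):
            for ip in re.split(r"[,\s]+", m.group(1).strip()):
                if ip and ip not in expected_dns and ip not in bad_dns:
                    bad_dns.append(ip)
    flagged = {p.lower() for p in files}
    bad_bhos = [(c, p) for c, p in bhos if p.lower() in flagged or looks_generated(p.lower())]
    return {"files": files, "dns": bad_dns, "bho": bad_bhos}


if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as f:
            lines = f.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    print(json.dumps(triage(lines, EXPECTED_DNS), indent=2))
```

Point it at a saved C:\ComboFix.txt to get the same report for a full log. The DNS check is the one most directly tied to the redirect symptom in the first post: a resolver the owner never configured, listed ahead of the ISP's, sends every lookup through somebody else's server, and neither deleting cookies nor a pop-up blocker will change that.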

#12
December 6, 2009 at 06:18:26
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\wahijisa.dll
C:\qfbtcf.exe
C:\wxiuk.exe
C:\umvoku.exe
C:\wpbitj.exe
c:\windows\system32\barinoka.dll
c:\windows\system32\jarugimo.dll
c:\windows\system32\kumutaje.dll
c:\windows\system32\liyilovu.dll
c:\windows\system32\lodatopa.dll
c:\windows\system32\losiluso.dll
c:\windows\system32\rahuweru.dll
c:\windows\system32\rokataje.dll
c:\windows\system32\sojamuli.dll
c:\windows\system32\wiboniza.dll

Registry::
-[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bf9d4ea-5cba-44b2-9f92-03430ceda92b}]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "run".

Please post the log that is produced.

Post a new Combofix log following the previous directions.


Please download MBR.exe from this link:
Link1
Save the file in your Root directory (C:\)..not the desktop

1. Run Command Prompt as administrator:
2. Click on Start button.
3. Type Cmd in the Start Search text box.
4. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator.
5. Copy and paste the following lines one by one in the open command window and press Enter after each line:

cd\
c:\mbr.exe -t
c:\mbr.log

6. A log file (c:\mbr.log) will open. Post the contents of it to your reply.



#13
December 6, 2009 at 09:20:18
New Combo Fix Log...

ComboFix 09-12-06.01 - Cherri 12/06/2009 11:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.299 [GMT -5:00]
Running from: c:\documents and settings\Cherri\Desktop\combofix.exe
Command switches used :: c:\documents and settings\Cherri\Desktop\CFScript.txt
AV: McAfee VirusScan Online *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::
"C:\qfbtcf.exe"
"C:\umvoku.exe"
"c:\windows\system32\barinoka.dll"
"c:\windows\system32\jarugimo.dll"
"c:\windows\system32\kumutaje.dll"
"c:\windows\system32\liyilovu.dll"
"c:\windows\system32\lodatopa.dll"
"c:\windows\system32\losiluso.dll"
"c:\windows\system32\rahuweru.dll"
"c:\windows\system32\rokataje.dll"
"c:\windows\system32\sojamuli.dll"
"c:\windows\system32\wahijisa.dll"
"c:\windows\system32\wiboniza.dll"
"C:\wpbitj.exe"
"C:\wxiuk.exe"
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\qfbtcf.exe
C:\umvoku.exe
c:\windows\system32\barinoka.dll
c:\windows\system32\guyeroso.dll
c:\windows\system32\jarugimo.dll
c:\windows\system32\jomibeyo.dll
c:\windows\system32\kumutaje.dll
c:\windows\system32\liyilovu.dll
c:\windows\system32\lodatopa.dll
c:\windows\system32\lopudoso.dll
c:\windows\system32\losiluso.dll
c:\windows\system32\rahuweru.dll
c:\windows\system32\rokataje.dll
c:\windows\system32\sojamuli.dll
c:\windows\system32\tovevufe.dll
c:\windows\system32\wahijisa.dll
c:\windows\system32\wiboniza.dll
c:\windows\system32\yiyavewe.dll
C:\wpbitj.exe
C:\wxiuk.exe

----- BITS: Possible infected sites -----

hxxp://82.98.235.29
.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 03:50 . 2009-12-06 03:51 -------- d-----w- c:\program files\trend micro
2009-12-06 03:50 . 2009-12-06 03:52 -------- d-----w- C:\rsit
2009-12-05 01:51 . 2009-12-05 01:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 22:49 . 2009-12-04 22:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-01 14:31 . 2009-12-01 14:32 -------- d-----w- c:\documents and settings\Everybody\Application Data\Apple Computer
2009-12-01 14:26 . 2009-12-01 14:26 -------- d-sh--w- c:\documents and settings\Everybody\IECompatCache
2009-12-01 14:22 . 2009-12-01 14:22 -------- d-----w- c:\documents and settings\Everybody\Application Data\Malwarebytes
2009-11-30 22:13 . 2009-11-30 22:13 -------- d-----w- c:\program files\MSN Toolbar
2009-11-30 22:12 . 2009-11-30 22:14 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-11-26 14:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-26 14:19 . 2009-12-04 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-26 14:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 21:02 . 2009-11-23 21:02 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\HP
2009-11-23 21:01 . 2009-11-23 21:01 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Microsoft
2009-11-21 23:22 . 2009-12-03 14:26 -------- d-----w- c:\documents and settings\Everybody\Application Data\COMCASTTOOLBAR
2009-11-21 23:12 . 2009-11-21 23:12 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\HP
2009-11-21 23:11 . 2009-11-21 23:11 -------- d-sh--w- c:\documents and settings\Everybody\PrivacIE
2009-11-21 23:11 . 2009-12-02 18:14 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\Apple Computer
2009-11-21 23:11 . 2009-11-21 23:11 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\Toshiba
2009-11-21 23:09 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\Everybody\Application Data\You've Got Pictures Screensaver
2009-11-20 10:46 . 2009-11-20 10:46 -------- d-----w- c:\program files\iPod
2009-11-20 10:46 . 2009-11-20 10:47 -------- d-----w- c:\program files\iTunes
2009-11-20 10:46 . 2009-11-20 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 10:45 . 2009-11-20 10:45 -------- d-----w- c:\program files\Bonjour
2009-11-20 10:43 . 2009-11-20 10:44 -------- d-----w- c:\program files\QuickTime
2009-11-20 10:41 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-20 10:41 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-20 10:38 . 2009-11-20 10:38 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-20 10:33 . 2009-11-20 10:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-18 12:55 . 2009-11-18 12:55 -------- d-sh--w- c:\documents and settings\thias\IETldCache
2009-11-17 22:11 . 2009-11-17 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
2009-11-17 02:55 . 2009-11-17 02:55 -------- d-sh--w- c:\documents and settings\Cherri\IECompatCache
2009-11-17 02:51 . 2009-11-17 02:51 -------- d-sh--w- c:\documents and settings\Cherri\PrivacIE
2009-11-17 02:49 . 2009-11-17 02:49 -------- d-sh--w- c:\documents and settings\Cherri\IETldCache
2009-11-17 02:49 . 2009-11-17 02:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-17 02:41 . 2009-11-18 12:31 -------- d-----w- c:\windows\ie8updates
2009-11-17 02:35 . 2009-11-17 02:38 -------- dc-h--w- c:\windows\ie8
2009-11-17 02:33 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-17 02:33 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-17 02:33 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\HP
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\Apple Computer
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\Toshiba
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\SupportSoft
2009-11-10 22:40 . 2009-11-23 21:09 79488 ----a-w- c:\documents and settings\Cherri\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-09 20:33 . 2009-11-30 22:13 -------- d-----w- c:\program files\Microsoft
2009-11-09 20:33 . 2009-11-09 20:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-09 20:32 . 2009-11-30 22:12 -------- d-----w- c:\program files\Nick Jr. Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 17:04 . 2007-06-13 14:54 -------- d-----w- c:\documents and settings\Cherri\Application Data\LimeWire
2009-12-05 13:33 . 2008-11-04 08:57 -------- d-----w- c:\program files\LimeWire
2009-12-04 21:24 . 2007-07-02 17:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-23 23:05 . 2008-05-21 17:34 -------- d-----w- c:\documents and settings\Cherri\Application Data\ZoomBrowser EX
2009-11-23 23:05 . 2008-05-21 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-23 21:02 . 2009-11-23 21:01 72592 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 21:02 . 2009-11-23 21:01 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-11-23 01:16 . 2009-11-23 01:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-11-23 01:16 . 2009-11-23 01:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-21 23:12 . 2009-11-21 23:10 72592 ----a-w- c:\documents and settings\Everybody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 23:11 . 2009-11-21 23:10 132 ----a-w- c:\documents and settings\Everybody\Local Settings\Application Data\fusioncache.dat
2009-11-20 21:12 . 2007-08-02 06:54 -------- d-----w- c:\documents and settings\Cherri\Application Data\Apple Computer
2009-11-20 10:46 . 2008-01-25 20:21 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 10:36 . 2008-09-10 14:27 -------- d-----w- c:\program files\Safari
2009-11-19 02:29 . 2008-09-02 10:39 -------- d-----w- c:\program files\McAfee
2009-11-16 01:23 . 2009-11-16 01:16 -------- d-----w- c:\documents and settings\thias\Application Data\toshiba
2009-11-16 01:17 . 2009-11-16 01:16 128 ----a-w- c:\documents and settings\thias\Local Settings\Application Data\fusioncache.dat
2009-11-14 04:43 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-11 14:39 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2009-11-11 14:31 . 2007-06-09 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-11 14:30 . 2006-02-16 10:14 -------- d-----w- c:\program files\Yahoo!
2009-11-03 03:24 . 2009-11-03 03:24 -------- d-----w- c:\program files\HOTLLAMA Media
2009-10-21 17:01 . 2008-09-02 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-21 17:01 . 2008-09-02 10:39 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-21 16:44 . 2007-02-07 00:02 -------- d-----w- c:\program files\support.com
2009-10-21 16:41 . 2007-03-23 00:04 -------- d-----w- c:\program files\The Learning Company
2009-10-20 19:51 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 15:28 . 2009-03-06 03:29 -------- d-----w- c:\program files\AVS4YOU
2009-10-15 15:28 . 2009-03-06 03:29 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-11 14:18 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-03-13 03:22 . 2007-03-13 03:22 251 -c--a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-12-06_05.55.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-06 17:00 . 2009-12-06 17:00 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat
+ 2006-02-15 15:41 . 2009-12-06 16:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2009-12-06 04:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-06 16:00 . 2009-12-06 16:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"CFSServ.exe"="CFSServ.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-01 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe" [2009-11-18 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"serisejeh"="c:\windows\system32\tovevufe.dll" [BU]
"mogiluhehe"="nagosepa.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Cherri\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-6-22 139776]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
PowerReg Scheduler V3.exe [2007-5-16 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe"=
"c:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\TosBtMng.exe"=

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {40255345-30A1-468A-93FC-34E33C9F11F1} = 193.104.110.38,4.2.2.1,68.87.73.242 68.87.71.226
TCP: {98BAC252-FDE3-4BB0-8104-D3A86951A0E2} = 193.104.110.38,4.2.2.1
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{4bf9d4ea-5cba-44b2-9f92-03430ceda92b} - kumutaje.dll
SharedTaskScheduler-{eea16f4b-ca70-4e80-9efc-8819a73d1f7e} - c:\windows\system32\tovevufe.dll
SSODL-jedetupug-{eea16f4b-ca70-4e80-9efc-8819a73d1f7e} - c:\windows\system32\tovevufe.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 12:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3588)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\TDispVol.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-06 12:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 17:15
ComboFix2.txt 2009-12-06 06:10

Pre-Run: 1,538,846,720 bytes free
Post-Run: 1,529,163,776 bytes free

- - End Of File - - FB3E5CC4ED3AD2B3D630DFE5E0BE8C6B



#14
December 6, 2009 at 09:37:23
I saved Mbr.exe to my C drive; when I ran it, a black screen appeared, then disappeared. It did nothing after that. Am I supposed to go to the Windows Start menu and search for cmd?


#15
December 6, 2009 at 10:17:11
There should be a log at C:\mbr.log


#16
December 6, 2009 at 10:27:27
mbr.log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK



#17
December 6, 2009 at 12:15:37
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\tovevufe.dll
c:\windows\system32\nagosepa.dll
c:\windows\system32\voforifo.dll

Driver::
hodubedoz
zezihiniz
serisejeh
jugezatag
mujuzedij

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"serisejeh"=-
"mogiluhehe"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.

Please post a new HijackThis log.


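The CFScript above removes exactly the two Run values that the earlier ComboFix log printed with a `[BU]` tag and a DLL as their target ("serisejeh" and "mogiluhehe"). The following is an added example, not code from the thread and not part of ComboFix, showing how a helper can cross-check a CFScript against the log before asking someone to run it: it parses the REGEDIT4-style "Reg Loading Points" block, flags Run entries tagged `[BU]` whose target is a .dll (reading `[BU]` as "target not verified" is an assumption here; a legitimate Toshiba entry carries the same tag, which is why the .dll condition is added), and confirms that every flagged value has a `"name"=-` removal under the same key and that its DLL is listed in the File:: section. The sample log and script are constructed from the lines in this thread; the function names are this example's own.

```python
import re

# Constructed from the ComboFix log posted earlier in this thread (a few lines only).
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"serisejeh"="c:\windows\system32\tovevufe.dll" [BU]
"mogiluhehe"="nagosepa.dll" [BU]
"""

# Constructed from the CFScript in post #17 (the first directive must be the first line).
SAMPLE_SCRIPT = r"""KILLALL::
File::
c:\windows\system32\tovevufe.dll
c:\windows\system32\nagosepa.dll
c:\windows\system32\voforifo.dll

Driver::
serisejeh

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"serisejeh"=-
"mogiluhehe"=-
"""

# ComboFix prints Run values as  "name"="data" [YYYY-MM-DD size]  or  "name"="data" [BU]
_RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s+\[(?P<tag>[^\]]*)\]\s*$')
_KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')


def parse_run_entries(log_text):
    """Return (key, name, data, tag) tuples for every value under a ...\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        m = _RUN_LINE.match(line)
        if m and key and key.lower().endswith(r"\run"):
            entries.append((key, m.group("name"), m.group("data"), m.group("tag")))
    return entries


def suspicious_entries(entries):
    """[BU]-tagged Run values whose launch target is a DLL rather than an executable."""
    return [e for e in entries if e[3] == "BU" and e[2].lower().endswith(".dll")]


def script_is_well_formed(script_text):
    """The forum instruction: the first directive (e.g. KILLALL::) sits on the very first line."""
    lines = script_text.splitlines()
    return bool(lines) and lines[0] == lines[0].strip() and lines[0].endswith("::")


def parse_cfscript(script_text):
    """Split a CFScript into File::, Driver:: and Registry:: ({key: [values marked '=-']})."""
    sections = {"File": [], "Driver": [], "Registry": {}}
    current, key = None, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # section directive such as File:: or Registry::
            current, key = line[:-2], None
            continue
        if current == "Registry":
            m = _KEY_LINE.match(line)
            if m:
                key = m.group("key")
                sections["Registry"].setdefault(key, [])
            elif key and line.endswith("=-"):   # "name"=-  deletes that value
                sections["Registry"][key].append(line[:-2].strip('"'))
        elif current in sections:
            sections[current].append(line)
    return sections


def check_coverage(log_text, script_text):
    """For each suspicious Run value: is it deleted by Registry:: and is its DLL in File::?"""
    script = parse_cfscript(script_text)
    listed_dlls = {p.lower().rsplit("\\", 1)[-1] for p in script["File"]}
    result = {}
    for key, name, data, _tag in suspicious_entries(parse_run_entries(log_text)):
        result[name] = {
            "registry_removed": name in script["Registry"].get(key, []),
            # Match on basename: the log may show a bare "nagosepa.dll" for a system32 file.
            "file_listed": data.lower().rsplit("\\", 1)[-1] in listed_dlls,
        }
    return result


if __name__ == "__main__":
    print("script well formed:", script_is_well_formed(SAMPLE_SCRIPT))
    for name, status in check_coverage(SAMPLE_LOG, SAMPLE_SCRIPT).items():
        print(name, status)
```

Both flagged values come back as removed and their DLLs as listed, while the Toshiba "TFncKy" entry, also tagged `[BU]` but pointing at an .exe, is not flagged. A mismatch in either column is the signal to re-read the log before the script goes out.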

#18
December 6, 2009 at 15:13:55
ComboFix 09-12-06.07 - Cherri 12/06/2009 17:05.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.335 [GMT -5:00]
Running from: c:\documents and settings\Cherri\Desktop\combofix.exe
Command switches used :: c:\documents and settings\Cherri\Desktop\CFScript.txt
AV: McAfee VirusScan Online *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FILE ::
"c:\windows\system32\nagosepa.dll"
"c:\windows\system32\tovevufe.dll"
"c:\windows\system32\voforifo.dll"
.

((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 17:32 . 2009-12-06 17:33 77312 ----a-w- C:\mbr.exe
2009-12-06 03:50 . 2009-12-06 03:51 -------- d-----w- c:\program files\trend micro
2009-12-06 03:50 . 2009-12-06 03:52 -------- d-----w- C:\rsit
2009-12-05 01:51 . 2009-12-05 01:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 22:49 . 2009-12-04 22:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-01 14:31 . 2009-12-01 14:32 -------- d-----w- c:\documents and settings\Everybody\Application Data\Apple Computer
2009-12-01 14:26 . 2009-12-01 14:26 -------- d-sh--w- c:\documents and settings\Everybody\IECompatCache
2009-12-01 14:22 . 2009-12-01 14:22 -------- d-----w- c:\documents and settings\Everybody\Application Data\Malwarebytes
2009-11-30 22:13 . 2009-11-30 22:13 -------- d-----w- c:\program files\MSN Toolbar
2009-11-30 22:12 . 2009-11-30 22:14 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-11-26 14:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-26 14:19 . 2009-12-04 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-26 14:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 21:02 . 2009-11-23 21:02 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\HP
2009-11-23 21:01 . 2009-11-23 21:01 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Microsoft
2009-11-21 23:22 . 2009-12-03 14:26 -------- d-----w- c:\documents and settings\Everybody\Application Data\COMCASTTOOLBAR
2009-11-21 23:12 . 2009-11-21 23:12 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\HP
2009-11-21 23:11 . 2009-11-21 23:11 -------- d-sh--w- c:\documents and settings\Everybody\PrivacIE
2009-11-21 23:11 . 2009-12-02 18:14 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\Apple Computer
2009-11-21 23:11 . 2009-11-21 23:11 -------- d-----w- c:\documents and settings\Everybody\Local Settings\Application Data\Toshiba
2009-11-21 23:09 . 2006-02-16 09:56 -------- d-----w- c:\documents and settings\Everybody\Application Data\You've Got Pictures Screensaver
2009-11-20 10:46 . 2009-11-20 10:46 -------- d-----w- c:\program files\iPod
2009-11-20 10:46 . 2009-11-20 10:47 -------- d-----w- c:\program files\iTunes
2009-11-20 10:46 . 2009-11-20 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-20 10:45 . 2009-11-20 10:45 -------- d-----w- c:\program files\Bonjour
2009-11-20 10:43 . 2009-11-20 10:44 -------- d-----w- c:\program files\QuickTime
2009-11-20 10:41 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-20 10:41 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-20 10:38 . 2009-11-20 10:38 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-20 10:33 . 2009-11-20 10:33 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-18 12:55 . 2009-11-18 12:55 -------- d-sh--w- c:\documents and settings\thias\IETldCache
2009-11-17 22:11 . 2009-11-17 22:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
2009-11-17 02:55 . 2009-11-17 02:55 -------- d-sh--w- c:\documents and settings\Cherri\IECompatCache
2009-11-17 02:51 . 2009-11-17 02:51 -------- d-sh--w- c:\documents and settings\Cherri\PrivacIE
2009-11-17 02:49 . 2009-11-17 02:49 -------- d-sh--w- c:\documents and settings\Cherri\IETldCache
2009-11-17 02:49 . 2009-11-17 02:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-17 02:41 . 2009-11-18 12:31 -------- d-----w- c:\windows\ie8updates
2009-11-17 02:35 . 2009-11-17 02:38 -------- dc-h--w- c:\windows\ie8
2009-11-17 02:33 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-17 02:33 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-17 02:33 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\HP
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\Apple Computer
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\Toshiba
2009-11-16 01:17 . 2009-11-16 01:17 -------- d-----w- c:\documents and settings\thias\Local Settings\Application Data\SupportSoft
2009-11-10 22:40 . 2009-11-23 21:09 79488 ----a-w- c:\documents and settings\Cherri\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-09 20:33 . 2009-11-30 22:13 -------- d-----w- c:\program files\Microsoft
2009-11-09 20:33 . 2009-11-09 20:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-09 20:32 . 2009-11-30 22:12 -------- d-----w- c:\program files\Nick Jr. Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 22:50 . 2007-06-13 14:54 -------- d-----w- c:\documents and settings\Cherri\Application Data\LimeWire
2009-12-05 13:33 . 2008-11-04 08:57 -------- d-----w- c:\program files\LimeWire
2009-12-04 21:24 . 2007-07-02 17:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-23 23:05 . 2008-05-21 17:34 -------- d-----w- c:\documents and settings\Cherri\Application Data\ZoomBrowser EX
2009-11-23 23:05 . 2008-05-21 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-23 21:02 . 2009-11-23 21:01 72592 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 21:02 . 2009-11-23 21:01 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-11-23 01:16 . 2009-11-23 01:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-11-23 01:16 . 2009-11-23 01:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-21 23:12 . 2009-11-21 23:10 72592 ----a-w- c:\documents and settings\Everybody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 23:11 . 2009-11-21 23:10 132 ----a-w- c:\documents and settings\Everybody\Local Settings\Application Data\fusioncache.dat
2009-11-20 21:12 . 2007-08-02 06:54 -------- d-----w- c:\documents and settings\Cherri\Application Data\Apple Computer
2009-11-20 10:46 . 2008-01-25 20:21 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 10:36 . 2008-09-10 14:27 -------- d-----w- c:\program files\Safari
2009-11-19 02:29 . 2008-09-02 10:39 -------- d-----w- c:\program files\McAfee
2009-11-16 01:23 . 2009-11-16 01:16 -------- d-----w- c:\documents and settings\thias\Application Data\toshiba
2009-11-16 01:17 . 2009-11-16 01:16 128 ----a-w- c:\documents and settings\thias\Local Settings\Application Data\fusioncache.dat
2009-11-14 04:43 . 2006-02-25 07:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-11 14:39 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2009-11-11 14:31 . 2007-06-09 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-11 14:30 . 2006-02-16 10:14 -------- d-----w- c:\program files\Yahoo!
2009-11-03 03:24 . 2009-11-03 03:24 -------- d-----w- c:\program files\HOTLLAMA Media
2009-10-21 17:01 . 2008-09-02 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-21 17:01 . 2008-09-02 10:39 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-21 16:44 . 2007-02-07 00:02 -------- d-----w- c:\program files\support.com
2009-10-21 16:41 . 2007-03-23 00:04 -------- d-----w- c:\program files\The Learning Company
2009-10-20 19:51 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 15:28 . 2009-03-06 03:29 -------- d-----w- c:\program files\AVS4YOU
2009-10-15 15:28 . 2009-03-06 03:29 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-11 14:18 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-03-13 03:22 . 2007-03-13 03:22 251 -c--a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-12-06_05.55.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-06 22:15 . 2009-12-06 22:15 16384 c:\windows\Temp\Perflib_Perfdata_334.dat
+ 2006-02-15 15:41 . 2009-12-06 20:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2009-12-06 04:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-06 20:43 . 2009-12-06 20:43 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"CFSServ.exe"="CFSServ.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-01 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe" [2009-11-18 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Cherri\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-6-22 139776]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
PowerReg Scheduler V3.exe [2007-5-16 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-7 1744896]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe"=
"c:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\TosBtMng.exe"=

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {40255345-30A1-468A-93FC-34E33C9F11F1} = 193.104.110.38,4.2.2.1,68.87.73.242 68.87.71.226
TCP: {98BAC252-FDE3-4BB0-8104-D3A86951A0E2} = 193.104.110.38,4.2.2.1
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 17:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\TDispVol.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-06 18:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 23:02
ComboFix2.txt 2009-12-06 17:15
ComboFix3.txt 2009-12-06 06:10

Pre-Run: 1,488,482,304 bytes free
Post-Run: 1,436,205,056 bytes free

- - End Of File - - 54D161717BCB3A066340BE2BDA927E9D

#19
December 6, 2009 at 15:16:18
I am not sure what a Hijack This log is. I'm so computer illiterate!!! Thanks so much for helping me with this!

#20
December 6, 2009 at 15:26:13
Ok, just run RSIT again and post only the first page of the first log. Hijack This is there. Once you have posted the Hijack This log, run this online scan as a double check.

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.

#21
December 6, 2009 at 17:57:49
Logfile of random's system information tool 1.06 (written by random/random)
Run by Cherri at 2009-12-06 20:58:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (1%) free of 114 GB
Total RAM: 1014 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:52 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Cherri\Desktop\RSIT.exe
C:\Program Files\trend micro\Cherri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=m...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.nickjr.com/playtime/shows/dora/games/dora_pyramid.jhtml"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Po...
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartAc...
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/Slide...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/g...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/...
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls...
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi...
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram1.vcu.edu/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40255345-30A1-468A-93FC-34E33C9F11F1}: NameServer = 193.104.110.38,4.2.2.1,68.87.73.242 68.87.71.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{98BAC252-FDE3-4BB0-8104-D3A86951A0E2}: NameServer = 193.104.110.38,4.2.2.1
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 16392 bytes

#22
December 6, 2009 at 18:32:09
Much better; everything appears to be clean.

Make sure to re-enable any antivirus or anti-spyware programs you disabled.

A little clean-up to do.

Delete RSIT, GMER, MBR.exe and Win32kDiag from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Next create a new restore point. Go to start > run > type in msconfig > ok > click launch system restore > check the circle beside "create a restore point" > next > name it today's date > create > click home > exit the system configuration utility > restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.

#23
December 6, 2009 at 19:57:49
Scan path: C:\;D:\;

Statistics
Time: 01:36:25
Files: 430302
Folders: 16372
Boot Sectors: 0
Archives: 10262
Packed Files: 16537

Results
Identified Viruses: 27
Infected Files: 75
Suspect Files: 0
Warnings: 0
Disinfected: 9
Deleted Files: 66

Engines Info
Virus Definitions: 4701587
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\Cherri\My Documents\LimeWire\Incomplete\Preview-T-1080643-Lil Ru Ft Gorilla Zoe - Nasty Song Remix - HotNewHipHop.com.wma
Infected with: Trojan.Generic.IS.574696

C:\Documents and Settings\Cherri\My Documents\LimeWire\Incomplete\Preview-T-1080643-Lil Ru Ft Gorilla Zoe - Nasty Song Remix - HotNewHipHop.com.wma
Deleted

C:\Documents and Settings\Cherri\My Documents\LimeWire\Incomplete\Preview-T-5131551-usher sign them papers very best new song.au
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Incomplete\Preview-T-5131551-usher sign them papers very best new song.au
Disinfected

C:\Documents and Settings\Cherri\My Documents\LimeWire\Incomplete\Preview-T-5191647-ready to sign them papers the new unreleased single.au
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Incomplete\Preview-T-5191647-ready to sign them papers the new unreleased single.au
Disinfected

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\envy nicki minaj.mp3
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\envy nicki minaj.mp3
Disinfected

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\ft amina harris different me-HQ.mp3
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\ft amina harris different me-HQ.mp3
Disinfected

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\get on my level trillvile.mp3
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\get on my level trillvile.mp3
Disinfected

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\Keyshia Cole - A Different Me - 04 - Erotic.mp3
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\Keyshia Cole - A Different Me - 04 - Erotic.mp3
Disinfected

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\Lil Ru Ft Gorilla Zoe - Nasty Song Remix - HotNewHipHop.com.wma
Infected with: Trojan.Generic.IS.574696

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\Lil Ru Ft Gorilla Zoe - Nasty Song Remix - HotNewHipHop.com.wma
Deleted

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\marsha ambrosius.mp3
Infected with: Trojan.Generic.IS.520533

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\marsha ambrosius.mp3
Deleted

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\my angel bobby valentino.mp3
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\my angel bobby valentino.mp3
Disinfected

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\nikki manaj dream.mpg
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\nikki manaj dream.mpg
Disinfected

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\she feeling me ft nivea lil - greatest hits.wma
Infected with: Trojan.Generic.IS.517939

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\she feeling me ft nivea lil - greatest hits.wma
Deleted

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\these hoes lil boosie (best quality).mp3
Infected with: Trojan.Wimad.Gen.1

C:\Documents and Settings\Cherri\My Documents\LimeWire\Saved\these hoes lil boosie (best quality).mp3
Disinfected

C:\Program Files\limewire music as of 51808\frestyles lil wayne drought 3 cute girl has orgasm on webcam.mp3
Infected with: Trojan.Downloader.Wimad.D

C:\Program Files\limewire music as of 51808\frestyles lil wayne drought 3 cute girl has orgasm on webcam.mp3
Deleted

C:\Qoobox\Quarantine\C\Documents and Settings\Cherri\ntuser.dll.vir
Infected with: Trojan.CryptRedol.Gen.3

C:\Qoobox\Quarantine\C\Documents and Settings\Cherri\ntuser.dll.vir
Deleted

C:\Qoobox\Quarantine\C\Documents and Settings\Cherri\Start Menu\Programs\Startup\scandisk.dll.vir
Infected with: Trojan.CryptRedol.Gen.3

C:\Qoobox\Quarantine\C\Documents and Settings\Cherri\Start Menu\Programs\Startup\scandisk.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir
Infected with: Trojan.Generic.2819281

C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\ahuip.exe.vir
Infected with: Trojan.Generic.CJ.AGKH

C:\Qoobox\Quarantine\C\WINDOWS\system32\ahuip.exe.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\BtwSrv.dll.vir
Infected with: Trojan.Generic.CJ.AGJA

C:\Qoobox\Quarantine\C\WINDOWS\system32\BtwSrv.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir
Infected with: Trojan.CryptRedol.Gen.3

C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\FastNetSrv.exe.vir
Infected with: Gen:Trojan.Heur.cG0@SYLztEfb

C:\Qoobox\Quarantine\C\WINDOWS\system32\FastNetSrv.exe.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\FastNetSrv.exe.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\guyeroso.dll.vir
Infected with: Trojan.Vundo.GRH

C:\Qoobox\Quarantine\C\WINDOWS\system32\guyeroso.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\guyeroso.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\kovoveru.dll.vir
Infected with: Trojan.Migotrup.A

C:\Qoobox\Quarantine\C\WINDOWS\system32\kovoveru.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\kovoveru.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\lopudoso.dll.vir
Infected with: Trojan.Migotrup.A

C:\Qoobox\Quarantine\C\WINDOWS\system32\lopudoso.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\lopudoso.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\lsm32.sys.vir
Infected with: Trojan.Generic.CJ.AGIX

C:\Qoobox\Quarantine\C\WINDOWS\system32\lsm32.sys.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\nobusuni.dll.vir
Infected with: Trojan.Vundo.GRH

C:\Qoobox\Quarantine\C\WINDOWS\system32\nobusuni.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\nobusuni.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\nurorobo.dll.vir
Infected with: Trojan.Migotrup.A

C:\Qoobox\Quarantine\C\WINDOWS\system32\nurorobo.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\nurorobo.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\nutarezu.dll.vir
Infected with: Trojan.Vundo.GRH

C:\Qoobox\Quarantine\C\WINDOWS\system32\nutarezu.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\nutarezu.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\opeia.exe.vir
Infected with: Trojan.Generic.CJ.AGKN

C:\Qoobox\Quarantine\C\WINDOWS\system32\opeia.exe.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\popoyiso.dll.vir
Infected with: Trojan.Migotrup.A

C:\Qoobox\Quarantine\C\WINDOWS\system32\popoyiso.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\popoyiso.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\sijoluja.dll.vir
Infected with: Trojan.Vundo.GRH

C:\Qoobox\Quarantine\C\WINDOWS\system32\sijoluja.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\sijoluja.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\sizagadi.dll.vir
Infected with: Trojan.Vundo.GRH

C:\Qoobox\Quarantine\C\WINDOWS\system32\sizagadi.dll.vir
Disinfection failed

C:\Qoobox\Quarantine\C\WINDOWS\system32\sizagadi.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\tovevufe.dll.vir
Infected with: Trojan.Generic.2827365

C:\Qoobox\Quarantine\C\WINDOWS\system32\tovevufe.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\voforifo.dll.vir
Infected with: Trojan.Generic.2827365

C:\Qoobox\Quarantine\C\WINDOWS\system32\voforifo.dll.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\wmdtc.exe.vir
Infected with: Trojan.Generic.CJ.AGKN

C:\Qoobox\Quarantine\C\WINDOWS\system32\wmdtc.exe.vir
Deleted

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c007EE5C.dat.vir
Infected with: Trojan.Generic.2819243

C:\Qoobox\Quarantine\C\WINDOWS\system32\__c007EE5C.dat.vir
Deleted

C:\Qoobox\Quarantine\[4]-Submit_2009-12-06_11.49.43.zip=>umvoku.exe
Infected with: Trojan.Generic.2829971

C:\Qoobox\Quarantine\[4]-Submit_2009-12-06_11.49.43.zip=>umvoku.exe
Deleted

C:\Qoobox\Quarantine\[4]-Submit_2009-12-06_11.49.43.zip
Updated

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284417.dll
Infected with: Trojan.CryptRedol.Gen.3

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284417.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284419.dll
Infected with: Trojan.Generic.2827365

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284419.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284425.exe
Infected with: Trojan.Generic.CJ.AGCA

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284425.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284427.exe
Infected with: Trojan.Generic.CJ.AGCA

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284427.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284440.dll
Infected with: Trojan.Generic.CJ.AGBQ

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284440.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284441.exe
Infected with: Gen:Trojan.Heur.cG0@Sgh1oHab

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284441.exe
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284441.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284442.dll
Infected with: Trojan.Generic.2824079

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284442.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284443.dll
Infected with: Trojan.Generic.2824079

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284443.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284444.dll
Infected with: Trojan.Generic.2824079

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284444.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284451.exe
Infected with: Trojan.Generic.CJ.AGEQ

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284451.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284452.exe
Infected with: Trojan.Generic.CJ.AGEQ

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP785\A0284452.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284471.exe
Infected with: Trojan.Generic.CJ.AGHS

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284471.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284472.old
Infected with: Trojan.Generic.CJ.AGEB

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284472.old
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284473.dll
Infected with: Trojan.Generic.CJ.AGDZ

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284473.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284474.exe
Infected with: Gen:Trojan.Heur.cG0@SMAiYtfb

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284474.exe
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284474.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284475.exe
Infected with: Trojan.Generic.CJ.AGHS

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284475.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284477.dll
Infected with: Trojan.CryptRedol.Gen.3

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284477.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284479.dll
Infected with: Trojan.CryptRedol.Gen.3

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284479.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284509.exe
Infected with: Trojan.Generic.CJ.AGKN

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284509.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284534.dll
Infected with: Trojan.CryptRedol.Gen.3

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284534.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284535.dll
Infected with: Trojan.CryptRedol.Gen.3

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284535.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284539.dll
Infected with: Trojan.Generic.2819281

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284539.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284540.exe
Infected with: Trojan.Generic.CJ.AGKH

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284540.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284541.dll
Infected with: Trojan.Generic.CJ.AGJA

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284541.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284542.dll
Infected with: Trojan.CryptRedol.Gen.3

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284542.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284544.exe
Infected with: Gen:Trojan.Heur.cG0@SYLztEfb

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284544.exe
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284544.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284546.dll
Infected with: Trojan.Migotrup.A

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284546.dll
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284546.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284547.sys
Infected with: Trojan.Generic.CJ.AGIX

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284547.sys
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284549.dll
Infected with: Trojan.Vundo.GRH

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284549.dll
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284549.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284550.dll
Infected with: Trojan.Migotrup.A

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284550.dll
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284550.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284551.dll
Infected with: Trojan.Vundo.GRH

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284551.dll
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284551.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284552.dll
Infected with: Trojan.Migotrup.A

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284552.dll
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284552.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284554.dll
Infected with: Trojan.Vundo.GRH

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284554.dll
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284554.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284555.dll
Infected with: Trojan.Vundo.GRH

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284555.dll
Disinfection failed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284555.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284557.dll
Infected with: Trojan.Generic.2827365

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284557.dll
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284559.exe
Infected with: Trojan.Generic.CJ.AGKN

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284559.exe
Deleted

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284738.exe
Infected with: Trojan.Generic.2829971

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP786\A0284738.exe
Deleted

C:\WINDOWS\system32\t1p0_61299553700.b1k.old
Infected with: Trojan.Generic.CJ.AGJH

C:\WINDOWS\system32\t1p0_61299553700.b1k.old
Deleted