Redirect Virus

Toshiba Satellite l505d-s5983 notebook
November 26, 2009 at 05:19:13
Specs: Windows XP
It seems we have gotten the redirect virus again on our computer. We had it once and we had to wipe the entire computer and start over. Can someone please suggest how we can get rid of this before it gets out of hand? We had Avira and that didn't stop it, and I just got McAfee and it didn't find it on the scan. I know it's still there as we keep getting redirected. Please help!!!!



#1
November 26, 2009 at 05:45:46
Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply.

Download RootRepeal from one of the links on the RootRepeal download page. It can be downloaded as a .rar or .zip file, whichever you like. If you get a bandwidth problem notice, just try another link.


RootRepeal

Extract the RootRepeal.exe file from the RAR or ZIP and save the EXE file to your Desktop.
Disable your antivirus, antispyware, and firewalls before continuing or they may block RootRepeal from running properly.
Now run the RootRepeal.exe program by double clicking on it.
At the bottom, click the Files tab and then click the Scan button.
A Select Drives form will open. Select all of your drives by checking the boxes and then click ok.
It will start scanning. It may take a while to finish depending on how many drives, files and folder you have so be patient and wait on it.
When it finishes, click "save report" and save it in an easy place to locate, such as your desktop. Save it as Rrlog.txt.
Please post the log that was produced to the forum.



#2
November 26, 2009 at 05:56:05
jabuck:

This is all I got. Do I need to turn off McAfee?

Running from: C:\Documents and
Settings\Worldwide\Desktop\Win32kDiag (1).exe

Log file at : C:\Documents and
Settings\Worldwide\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!



#3
November 26, 2009 at 06:15:17
Turn off McAfee and any other antivirus (you should have only one antivirus) or anti-spyware programs when you run RootRepeal, or as directed in the brief tutorials we use in the suggested scans.


#4
November 26, 2009 at 06:31:01
jabuck:

I disabled McAfee and started at the beginning of your directions by running win32kdiag.exe. The log it produced is as follows:

"Running from: C:\Documents and Settings\Worldwide\My
Documents\Downloads\Win32kDiag (1).exe

Log file at : C:\Documents and
Settings\Worldwide\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!"

Should I just go to the next step, running RSIT.exe?



#5
November 26, 2009 at 06:38:09
Yes, but re-enable McAfee before downloading RSIT and RootRepeal. Then disable McAfee to run RootRepeal. I will be in and out all day so if I'm slow to answer you know why.


#6
November 26, 2009 at 07:46:05
Ok - I'm gonna try to do this in parts. Here's the log from RSIT.exe

Logfile of random's system information tool 1.06 (written by random/random)
Run by Worldwide at 2009-11-26 10:48:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 72 GB (76%) free of 95 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:08 AM, on 11/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Documents and Settings\Worldwide\Local Settings\Application
Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Documents and Settings\Worldwide\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Worldwide\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Worldwide\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Worldwide\My Documents\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Worldwide.exe



#7
November 26, 2009 at 07:46:38
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net?cid=NET_mmhpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft
Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google
Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program
Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program
Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google
Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto
Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Worldwide\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Blake\Application
Data\Microsoft\Windows\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User
'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft
Office\Office12\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program
Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program
Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microso...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft
Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\rdolib.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program
Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL
Global VPN Client\RampartSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home
9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio
Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program
Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA
Applet\TAPPSRV.exe

--
End of file - 14602 bytes


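A small triage script for the kind of HijackThis log posted above, added here as an example; it is not part of the thread and not code from the HijackThis or RSIT tools. It reads O4 (autostart) and O20 (AppInit_DLLs) lines and flags the three things a helper scans such a log for first: a core Windows executable name (lsass.exe, svchost.exe, ...) launched from somewhere other than the Windows directory, an autostart placed under the Policies\Explorer\Run key, and any AppInit_DLLs value. The sample lines are copied from the log above except the last constructed one; the rules are the editor's own heuristics, and `C:\WINDOWS` as the system directory is an assumption that matches this machine's paths.

```python
"""Triage HijackThis-style O4/O20 lines for entries that deserve a closer look.

Heuristics (editor's own, not HijackThis rules):
  * masquerade    - executable named like a core Windows binary but not under C:\WINDOWS
  * policies-run  - autostart stored under Policies\Explorer\Run (rarely used by installers)
  * appinit-dll   - any AppInit_DLLs value (the DLL is loaded into every GUI process)
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    detail: str


# Names that normally only exist under the Windows directory.
CORE_BINARIES = {"lsass.exe", "svchost.exe", "winlogon.exe", "csrss.exe",
                 "smss.exe", "services.exe", "explorer.exe"}
# Assumption: Windows XP default install path, as in the log above.
WINDOWS_DIR = "c:\\windows\\"

# O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O20 - AppInit_DLLs: <dll>[,<dll>...]
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>\S.*)$")
# Either a quoted path, or everything up to the first ".exe" (paths with spaces are often unquoted).
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.exe)', re.IGNORECASE)


def executable_path(cmd: str) -> str:
    """Strip arguments such as '/run' or '-t (User ...)' and return the program path."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def triage_line(line: str) -> List[Finding]:
    """Return zero or more findings for one log line."""
    findings: List[Finding] = []
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        key = m.group("key")
        path = executable_path(m.group("cmd"))
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        # A bare name like "TFncKy.exe" is resolved via the search path; we cannot
        # judge it here, so only fully qualified paths are checked for masquerading.
        if base in CORE_BINARIES and "\\" in low and not low.startswith(WINDOWS_DIR):
            findings.append(Finding("masquerade", f"{base} launched from {path}"))
        if key.lower().startswith("policies\\"):
            findings.append(Finding("policies-run", f"[{m.group('name')}] under {key}"))
        return findings
    m = O20_RE.match(line)
    if m:
        for dll in re.split(r"[,\s]+", m.group("dlls")):
            if dll:
                findings.append(Finding("appinit-dll", dll))
    return findings


def triage(lines) -> List[Finding]:
    out: List[Finding] = []
    for line in lines:
        out.extend(triage_line(line))
    return out


# First four lines copied from the log above; the last O20 line is also from the log.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Blake\Application Data\Microsoft\Windows\lsass.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [TFncKy] TFncKy.exe",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\rdolib.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:13} {f.detail}")
```

Run against the sample, the script reports the Lsass Service entry twice (a core binary name outside C:\WINDOWS, and a Policies\Explorer\Run autostart) and the AppInit_DLLs value once; the vendor autostarts produce nothing. A flag is a reason to inspect the file, not a verdict, which is why the output is a list of findings rather than a clean/infected answer.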

#8
November 26, 2009 at 07:47:13
======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2900524789-336235344-2848932309-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2900524789-336235344-2848932309-1007UA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Registration reminder 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-
4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-
11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-
4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-
4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-04 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-
4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-09 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-
4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-24 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-
4414-A1CB-C4A2A4A13EEC}]
DCA BHO - C:\Program Files\Upromise\dca-bho.dll [2009-10-07 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-
4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
[2009-09-09 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDC0F17F-F4B7-
47e4-B73E-887FAEB376FA}]
Upromise TurboSaver - C:\Program Files\Upromise\upromisetoolbar.dll [2009-10-10 1040384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{06E58E5E-F8CB-4049-991E-A41C03BD419E} - Upromise TurboSaver - C:\Program Files\Upromise\upromisetoolbar.dll [2009-10-10
1040384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
[2009-09-09 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-06-01 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-07-01
623960]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-04-11 236016]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-02-16 98304]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Lsass Service"=C:\Documents and Settings\Blake\Application Data\Microsoft\Windows\lsass.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-04 68856]
"Google Update"=C:\Documents and Settings\Worldwide\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-
06-08 133104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Worldwide\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE



#9
November 26, 2009 at 07:47:42
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\rdolib.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
[2009-02-12 2217848]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authori
zedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common
Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common
Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common
Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System
Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common
Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL
Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common
Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft
Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft
Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft
Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-
20000"
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"="C:\Program
Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program
Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common
Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authoriz
edapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-
20000"

======List of files/folders created in the last 3 months======

2009-11-26 10:40:29 ----D---- C:\Program Files\trend micro
2009-11-26 10:40:28 ----D---- C:\rsit
2009-11-26 07:38:42 ----D---- C:\0fad9cf5f12d7426594c01551f57473c
2009-11-26 07:04:44 ----A---- C:\WINDOWS\system32\flags.ini
2009-11-26 07:02:34 ----D---- C:\0ddfeb7b77bb815b10f7f9269232
2009-11-26 06:15:05 ----D---- C:\Documents and Settings\Worldwide\Application Data\comcasttb
2009-11-26 03:05:15 ----SHD---- C:\Config.Msi
2009-11-26 03:03:59 ----D---- C:\3e5d3893c4fcf45c7f06def8fc9e05
2009-11-26 03:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-26 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-11-25 20:33:39 ----D---- C:\Program Files\Common Files\McAfee
2009-11-25 20:33:34 ----D---- C:\Program Files\McAfee.com
2009-11-25 20:33:18 ----D---- C:\Program Files\McAfee
2009-11-25 17:51:20 ----D---- C:\72c47d7d38b76cd5dd7800
2009-11-25 17:08:54 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-11-25 16:55:07 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
2009-11-25 16:54:53 ----D---- C:\Program Files\Comcast
2009-11-25 16:54:43 ----D---- C:\Documents and Settings\Worldwide\Application Data\CallingID
2009-11-25 16:54:37 ----D---- C:\Program Files\Common Files\scanner
2009-11-25 16:54:25 ----D---- C:\Program Files\CA
2009-11-25 16:54:21 ----D---- C:\WINDOWS\Downloaded Installations
2009-11-25 16:53:53 ----D---- C:\Program Files\comcasttb
2009-11-24 20:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-24 20:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 19:37:54 ----D---- C:\Documents and Settings\All Users\Application Data\Uninstall
2009-11-24 19:20:18 ----A---- C:\WINDOWS\TVEpaDrv.ini
2009-11-24 19:20:18 ----A---- C:\WINDOWS\emunist.exe
2009-11-24 19:19:52 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-11-24 19:19:32 ----D---- C:\Program Files\Roxio Easy VHS to DVD
2009-11-24 19:19:19 ----N---- C:\WINDOWS\system32\xactengine2_10.dll
2009-11-24 19:19:17 ----N---- C:\WINDOWS\system32\d3dx9_36.dll
2009-11-24 19:19:17 ----N---- C:\WINDOWS\system32\d3dx10_36.dll
2009-11-24 19:19:17 ----N---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-11-24 19:19:16 ----N---- C:\WINDOWS\system32\xactengine2_9.dll
2009-11-24 19:19:16 ----N---- C:\WINDOWS\system32\d3dx10_35.dll
2009-11-24 19:19:15 ----N---- C:\WINDOWS\system32\d3dx9_35.dll
2009-11-24 19:19:15 ----N---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-11-24 19:19:14 ----N---- C:\WINDOWS\system32\xactengine2_8.dll
2009-11-24 19:19:14 ----N---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-11-24 19:19:14 ----N---- C:\WINDOWS\system32\d3dx10_34.dll
2009-11-24 19:19:14 ----N---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-11-24 19:19:13 ----N---- C:\WINDOWS\system32\d3dx9_34.dll
2009-11-24 19:19:12 ----N---- C:\WINDOWS\system32\xinput1_3.dll
2009-11-24 19:19:11 ----N---- C:\WINDOWS\system32\xactengine2_7.dll
2009-11-24 19:19:09 ----N---- C:\WINDOWS\system32\d3dx10_33.dll
2009-11-24 19:19:09 ----N---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-11-24 19:19:01 ----N---- C:\WINDOWS\system32\xactengine2_6.dll
2009-11-24 19:19:01 ----N---- C:\WINDOWS\system32\d3dx9_33.dll
2009-11-24 19:19:00 ----N---- C:\WINDOWS\system32\xactengine2_5.dll
2009-11-24 19:18:59 ----N---- C:\WINDOWS\system32\xactengine2_4.dll
2009-11-24 19:18:59 ----N---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-11-24 19:18:59 ----N---- C:\WINDOWS\system32\d3dx9_32.dll
2009-11-24 19:18:58 ----N---- C:\WINDOWS\system32\d3dx9_31.dll
2009-11-24 19:18:57 ----N---- C:\WINDOWS\system32\xinput1_2.dll
2009-11-24 19:18:57 ----N---- C:\WINDOWS\system32\xactengine2_3.dll
2009-11-24 19:18:56 ----N---- C:\WINDOWS\system32\xinput1_1.dll
2009-11-24 19:18:56 ----N---- C:\WINDOWS\system32\xactengine2_2.dll
2009-11-24 19:18:55 ----N---- C:\WINDOWS\system32\xactengine2_1.dll
2009-11-24 19:18:39 ----N---- C:\WINDOWS\system32\d3dx9_30.dll
2009-11-24 19:18:38 ----N---- C:\WINDOWS\system32\xactengine2_0.dll
2009-11-24 19:18:38 ----N---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-11-24 19:18:38 ----N---- C:\WINDOWS\system32\d3dx9_29.dll
2009-11-24 19:18:38 ----N---- C:\WINDOWS\system32\d3dx9_28.dll
2009-11-24 19:18:37 ----N---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-11-24 19:18:36 ----N---- C:\WINDOWS\system32\d3dx9_27.dll
2009-11-24 19:18:36 ----N---- C:\WINDOWS\system32\d3dx9_26.dll
2009-11-24 19:18:36 ----N---- C:\WINDOWS\system32\d3dx9_25.dll
2009-11-24 19:18:35 ----N---- C:\WINDOWS\system32\d3dx9_24.dll
2009-11-24 19:15:38 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-24 19:15:15 ----D---- C:\Program Files\Reference Assemblies
2009-11-24 19:14:11 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-24 19:14:11 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-24 19:14:10 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-24 19:14:10 ----D---- C:\bed78399b974683736dc25cbbc2346
2009-11-10 14:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-10-17 21:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-17 21:06:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-17 21:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-17 21:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-17 21:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-17 21:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-17 20:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-17 20:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-17 20:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-17 20:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-02 17:32:29 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-09-10 21:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 21:51:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 21:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-09-07 21:19:55 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-09-07 21:19:54 ----D---- C:\Program Files\Roxio
2009-08-30 19:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$



#10
November 26, 2009 at 07:48:26
======List of files/folders modified in the last 3 months======

2009-11-26 10:48:08 ----D---- C:\WINDOWS\Temp
2009-11-26 10:40:29 ----D---- C:\Program Files
2009-11-26 10:38:49 ----AD---- C:\WINDOWS\system32
2009-11-26 10:38:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-26 10:38:32 ----D---- C:\WINDOWS\Prefetch
2009-11-26 10:38:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-26 10:37:44 ----RSD---- C:\WINDOWS\assembly
2009-11-26 10:36:42 ----D---- C:\WINDOWS
2009-11-26 10:36:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-26 10:36:25 ----SD---- C:\WINDOWS\Tasks
2009-11-26 10:35:43 ----D---- C:\WINDOWS\Registration
2009-11-26 10:34:22 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2009-11-26 10:34:16 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-11-26 10:33:11 ----D---- C:\WINDOWS\system32\DLA
2009-11-26 09:45:41 ----AD---- C:\WINDOWS\system32\drivers
2009-11-26 07:51:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-26 07:43:07 ----SHD---- C:\WINDOWS\Installer
2009-11-26 07:42:28 ----D---- C:\WINDOWS\WinSxS
2009-11-26 03:03:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-26 03:03:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-26 03:03:23 ----HD---- C:\WINDOWS\inf
2009-11-26 03:01:39 ----A---- C:\WINDOWS\imsins.BAK
2009-11-26 03:01:24 ----D---- C:\WINDOWS\system32\en-us
2009-11-26 03:01:24 ----D---- C:\Program Files\Internet Explorer
2009-11-26 03:01:10 ----D---- C:\WINDOWS\ie7updates
2009-11-26 03:00:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 20:41:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-25 20:33:39 ----D---- C:\Program Files\Common Files
2009-11-25 20:19:27 ----D---- C:\WINDOWS\Media
2009-11-25 20:19:27 ----D---- C:\WINDOWS\Help
2009-11-25 20:16:14 ----D---- C:\WINDOWS\ie8updates
2009-11-25 20:03:44 ----D---- C:\Program Files\Mozilla Firefox
2009-11-25 17:39:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-24 20:31:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2009-11-24 20:28:41 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-11-24 20:27:09 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-11-24 20:24:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-11-24 20:23:48 ----D---- C:\WINDOWS\system32\DirectX
2009-11-24 19:15:31 ----D---- C:\Program Files\MSBuild
2009-11-24 19:15:24 ----RSD---- C:\WINDOWS\Fonts
2009-11-24 19:14:43 ----D---- C:\WINDOWS\system32\spool
2009-11-24 15:41:20 ----N---- C:\WINDOWS\system32\gvc_trace.txt
2009-11-10 14:15:15 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-06 21:25:44 ----D---- C:\Program Files\DIGStream
2009-11-05 18:49:09 ----D---- C:\Program Files\Microsoft Works
2009-11-05 18:46:27 ----A---- C:\WINDOWS\win.ini
2009-11-05 12:36:21 ----N---- C:\WINDOWS\system32\MRT.exe
2009-11-03 16:49:15 ----D---- C:\WINDOWS\system32\config
2009-11-03 16:48:47 ----D---- C:\WINDOWS\system32\wbem
2009-11-03 16:47:43 ----D---- C:\WINDOWS\system32\Restore
2009-10-28 10:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-22 18:30:29 ----D---- C:\Program Files\Upromise
2009-09-11 19:26:52 ----SD---- C:\Documents and Settings\Worldwide\Application Data\Microsoft
2009-09-11 16:49:30 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-11 09:18:39 ----N---- C:\WINDOWS\system32\msv1_0.dll
2009-09-10 21:50:00 ----D---- C:\WINDOWS\ehome
2009-09-07 21:03:20 ----D---- C:\Program Files\Common Files\Research In Motion
2009-09-04 16:03:36 ----N---- C:\WINDOWS\system32\msasn1.dll
2009-08-29 02:36:27 ----A---- C:\WINDOWS\system32\wininet.dll
2009-08-29 02:36:27 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-08-29 02:36:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\url.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\occache.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\mstime.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\msrating.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-08-29 02:36:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-08-29 02:36:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 02:36:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 02:36:25 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 02:36:25 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 02:36:25 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-08-29 02:36:25 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 02:36:24 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\icardie.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\corpol.dll
2009-08-29 02:36:24 ----A---- C:\WINDOWS\system32\advpack.dll
2009-08-28 05:28:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-27 00:18:41 ----A---- C:\WINDOWS\system32\ieakui.dll



#11
November 26, 2009 at 07:48:56
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-08 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-24 127376]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USB28xxBGA;Roxio Video Capture USB; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2009-04-22 566784]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2009-04-22 528256]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-04-11 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-04-11 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2007-06-08 230936]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB11;RoxMediaDB11; C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-04-11 1108464]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



#12
November 26, 2009 at 08:09:05
Here's the RootRepeal.exe log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/26 11:10
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\mcmsc_ofgek5rlaptwhys
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\worldwide\local settings\temp\etilqs_1hwak4jhgo7g6gcvle46
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\documents and settings\worldwide\local settings\temp\etilqs_rmekinl1jz9zueftbngt
Status: Allocation size mismatch (API: 32768, Raw: 0)



#13
November 26, 2009 at 08:42:58
Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Remember any antivirus and any anti-spyware must be off or disabled before you run ComboFix

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#14
November 26, 2009 at 15:03:23
A window popped up while running the ComboFix:

Microsoft Windows Recovery Console

This machine does not have the 'Microsoft Windows recovery console' installed

Without it, ComboFix shall not attempt the fixing of some serious infections.

Click 'Yes' to have ComboFix download/install it.

NOTE: this requires an active internet connection.

Yes or No????



#15
November 26, 2009 at 16:02:41
Never mind my last post. I didn't read that part obviously in your original instructions.

Here is the ComboFix log:

ComboFix 09-11-25.05 - Worldwide 11/26/2009 18:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.598 [GMT -5:00]
Running from: c:\documents and settings\Worldwide\Desktop\combofix.exe.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3868997124-911790988-508925577-500
c:\windows\emMON.exe
c:\windows\kb913800.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\drivers\str.sys
c:\windows\system32\flags.ini
c:\windows\system32\rdolib.dll
c:\windows\system32\uses32.dat

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 08:03 . 2009-11-26 08:04 -------- d-----w- C:\3e5d3893c4fcf45c7f06def8fc9e05
2009-11-26 01:34 . 2009-11-04 21:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-26 01:34 . 2009-11-04 21:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-26 01:34 . 2009-11-04 21:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-26 01:34 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-26 01:33 . 2009-11-26 01:34 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-26 01:33 . 2009-11-26 01:33 -------- d-----w- c:\program files\McAfee.com
2009-11-26 01:33 . 2009-11-26 11:59 -------- d-----w- c:\program files\McAfee
2009-11-26 01:29 . 2009-11-04 21:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-25 22:51 . 2009-11-25 22:51 -------- d-----w- C:\72c47d7d38b76cd5dd7800
2009-11-25 22:08 . 2009-11-26 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-25 22:06 . 2008-04-13 15:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-25 22:06 . 2008-04-13 15:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-25 21:55 . 2009-11-25 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-11-25 21:54 . 2009-11-25 21:54 -------- d-----w- c:\program files\Comcast
2009-11-25 21:54 . 2009-11-26 11:10 -------- d-----w- c:\documents and settings\Worldwide\Application Data\CallingID
2009-11-25 21:54 . 2009-11-25 21:54 -------- d-----w- c:\program files\Common Files\scanner
2009-11-25 21:54 . 2009-11-25 21:54 -------- d-----w- c:\program files\CA
2009-11-25 21:54 . 2009-11-25 21:54 -------- d-----w- c:\windows\Downloaded Installations
2009-11-25 21:53 . 2009-11-26 11:15 -------- d-----w- c:\program files\comcasttb
2009-11-25 21:37 . 2009-11-25 22:14 -------- d-----w- c:\documents and settings\Worldwide\Local Settings\Application Data\SupportSoft
2009-11-25 01:41 . 2008-11-25 11:50 610304 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresPTB.dll
2009-11-25 01:41 . 2008-11-25 11:50 614400 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresNLD.dll
2009-11-25 01:41 . 2008-11-25 11:50 614400 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresITA.dll
2009-11-25 01:41 . 2008-11-25 11:50 589824 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresJPN.dll
2009-11-25 01:41 . 2008-11-25 11:50 618496 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresDEU.dll
2009-11-25 01:41 . 2008-11-25 11:50 614400 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresFRA.dll
2009-11-25 01:41 . 2008-11-25 11:50 614400 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresESN.dll
2009-11-25 01:41 . 2008-11-25 11:50 606208 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresENU.dll
2009-11-25 01:41 . 2008-09-04 16:10 186864 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\rsl.dll
2009-11-25 01:41 . 2008-11-24 21:22 4729328 ----a-r- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\setup.exe
2009-11-25 01:23 . 2009-11-25 01:23 10134 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2009-11-25 00:37 . 2009-11-25 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2009-11-25 00:21 . 2008-04-13 15:46 15232 -c----w- c:\windows\system32\dllcache\mpe.sys
2009-11-25 00:21 . 2008-04-13 15:46 15232 ------w- c:\windows\system32\drivers\MPE.sys
2009-11-25 00:19 . 2008-04-13 21:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-25 00:18 . 2007-03-05 17:42 15128 ------w- c:\windows\system32\x3daudio1_1.dll
2009-11-25 00:16 . 2009-11-25 00:16 186448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-25 00:15 . 2009-11-25 00:15 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-25 00:15 . 2009-11-25 00:15 -------- d-----w- c:\program files\Reference Assemblies
2009-11-25 00:14 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-25 00:14 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-25 00:14 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-25 00:14 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-25 00:14 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-25 00:14 . 2009-11-25 00:15 -------- d-----w- C:\bed78399b974683736dc25cbbc2346
2009-11-25 00:14 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-25 00:14 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-25 00:07 . 2008-04-13 15:45 60032 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-25 00:07 . 2008-04-13 15:45 60032 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-09 04:24 . 2009-11-09 04:24 -------- d-----w- c:\documents and settings\All Users\Defence
2009-11-04 21:54 . 2009-11-04 21:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-03 21:48 . 2009-11-03 21:48 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-03 20:41 . 2009-11-03 20:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-02 02:30 . 2009-11-02 02:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache



#16
November 26, 2009 at 16:03:28
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 17:04 . 2009-11-26 17:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-26 17:04 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2009-11-26 15:56 . 2009-11-26 15:56 0 ----a-w- c:\documents and settings\Worldwide\settings.dat
2009-11-26 15:48 . 2009-11-26 15:40 -------- d-----w- c:\program files\trend micro
2009-11-26 14:45 . 2009-11-26 14:45 71424 ----a-w- c:\windows\system32\drivers\dxbjvwf.sys
2009-11-26 11:15 . 2009-11-26 11:15 -------- d-----w- c:\documents and settings\Worldwide\Application Data\comcasttb
2009-11-25 01:31 . 2009-04-03 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-25 01:31 . 2009-11-25 00:19 -------- d-----w- c:\program files\Roxio Easy VHS to DVD
2009-11-25 01:31 . 2009-09-08 02:19 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-25 01:28 . 2009-04-03 01:37 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-25 01:27 . 2009-04-03 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-25 00:43 . 2006-02-16 16:59 87840 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-25 00:15 . 2009-03-09 04:22 -------- d-----w- c:\program files\MSBuild
2009-11-10 19:15 . 2009-03-09 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-07 02:25 . 2006-02-17 09:57 -------- d-----w- c:\program files\DIGStream
2009-11-05 23:49 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2009-11-03 01:42 . 2009-10-02 22:32 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 23:30 . 2009-10-22 23:30 -------- d-----w- c:\documents and settings\Blake\Application Data\upromise
2009-10-22 23:30 . 2009-04-02 01:36 -------- d-----w- c:\program files\Upromise
2009-09-12 01:08 . 2009-04-03 01:46 256 ------w- c:\windows\system32\pool.bin
2009-09-11 14:18 . 2006-02-15 14:03 136192 ------w- c:\windows\system32\msv1_0.dll
2009-09-08 02:04 . 2009-09-08 02:04 69632 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-09-08 02:04 . 2009-09-08 02:04 49152 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-09-08 02:04 . 2009-09-08 02:04 69632 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-09-08 02:04 . 2009-09-08 02:04 69632 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-09-08 02:04 . 2009-09-08 02:04 69632 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-09-08 02:04 . 2009-09-08 02:04 69632 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-09-08 02:04 . 2009-09-08 02:04 69632 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-09-08 02:04 . 2009-09-08 02:04 69632 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-09-08 02:04 . 2009-09-08 02:04 69632 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
2009-09-08 02:04 . 2009-09-08 02:04 49152 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-09-08 02:04 . 2009-09-08 02:04 49152 ----a-r- c:\documents and settings\Worldwide\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-09-04 21:03 . 2006-02-15 14:03 58880 ------w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-02-15 14:04 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-05-01 00:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2006-02-15 14:02 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 68856]
"Google Update"="c:\documents and settings\Worldwide\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-16 98304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-26 149280]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Worldwide\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=



#17
November 26, 2009 at 16:04:01
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [3/10/2009 8:11 PM 95104]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [3/10/2009 8:10 PM 24876]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [5/20/2009 4:35 AM 1128944]
.
Contents of the 'Scheduled Tasks' folder

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900524789-336235344-2848932309-1007Core.job
- c:\documents and settings\Worldwide\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-08 11:30]

2009-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900524789-336235344-2848932309-1007UA.job
- c:\documents and settings\Worldwide\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-08 11:30]

2009-11-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-26 17:22]

2009-11-26 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-26 17:22]

2009-03-09 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net?cid=NET_mmhpset
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
AddRemove-{2FCE4FC5-6930-40E7-A4F1-F862207424EF} - c:\program files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe REMOVEALL
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-26 18:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\documents and settings\Worldwide\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2009-11-26 18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-26 23:56

Pre-Run: 75,613,130,752 bytes free
Post-Run: 75,854,192,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 7BED79F0DEB9B4B5FB2E09D871D09488



#18
November 26, 2009 at 17:40:41
Are you still being redirected?

Go to start> control panel> add/remove programs and uninstall this program:

Upromise (known spyware).

Once you uninstall Upromise, navigate to and delete these files/folders if found:

c:\documents and settings\Blake\Application Data\upromise

c:\program files\Upromise

You should uninstall Windows Defender, it's not that good of a defender.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools, you can download it from this link Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it rewrites malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.


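The remediation above pulls two Upromise folders out of the Find3M report posted in #16 and #17, and anyone reading a ComboFix log of that length wants a quick way to surface such entries rather than scanning hundreds of lines by eye. The Python script below is an added example written for this page; it is not code from jabuck, the original poster, or ComboFix. It parses Find3M lines in the format shown in the thread, matches the paths named in the remediation post, and flags drivers whose creation and modification dates both fall on the scan day (plus drivers with vowel-free file names, a deliberately noisy heuristic). The sample lines are copied from the posted log; the column meanings (first timestamp last-modified, second creation), the `Rootkit scan` line as the scan-day source, and all of the flagging rules are this editor's assumptions. A flag means "look at this", not "this is malware".

```python
"""Triage a pasted ComboFix 'Find3M Report' (added example, not part of the
original thread).  Assumptions: the first timestamp on a Find3M line is the
last-modified time and the second the creation time; the flagging rules are
the editor's heuristics, not ComboFix logic."""
import re
from datetime import date, datetime
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 17:04 . 2009-11-26 17:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-26 14:45 . 2009-11-26 14:45 71424 ----a-w- c:\windows\system32\drivers\dxbjvwf.sys
2009-11-04 21:54 . 2009-11-04 21:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-22 23:30 . 2009-10-22 23:30 -------- d-----w- c:\documents and settings\Blake\Application Data\upromise
2009-10-22 23:30 . 2009-04-02 01:36 -------- d-----w- c:\program files\Upromise
2009-09-11 14:18 . 2006-02-15 14:03 136192 ------w- c:\windows\system32\msv1_0.dll
.
Rootkit scan 2009-11-26 18:52
"""

# Folders jabuck told the poster to delete once Upromise is uninstalled.
REMEDIATION_PATHS = [
    r"c:\documents and settings\Blake\Application Data\upromise",
    r"c:\program files\Upromise",
]

# One Find3M line: <modified> . <created> <size or dashes> <8 attr chars> <path>
FIND3M_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
SCAN_RE = re.compile(r"^Rootkit scan (\d{4}-\d{2}-\d{2}) ", re.MULTILINE)
VOWELS = frozenset("aeiou")


class Entry(NamedTuple):
    modified: datetime
    created: datetime
    size: Optional[int]   # None for directories (ComboFix prints '--------')
    attrs: str
    path: str


def parse_find3m(text: str) -> List[Entry]:
    """Return every file/directory line of a Find3M report; headers and '.' separators are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = FIND3M_RE.match(raw.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(
            datetime.strptime(m["mod"], "%Y-%m-%d %H:%M"),
            datetime.strptime(m["cre"], "%Y-%m-%d %H:%M"),
            size, m["attrs"], m["path"]))
    return entries


def scan_day(text: str) -> Optional[date]:
    """Date from the 'Rootkit scan YYYY-MM-DD HH:MM' line, if present (assumed to be the scan day)."""
    m = SCAN_RE.search(text)
    return date.fromisoformat(m.group(1)) if m else None


def triage(entries: List[Entry], day: Optional[date],
           remediation_paths: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged (review hints, not verdicts)."""
    wanted = [p.lower().rstrip("\\") for p in remediation_paths]
    findings: Dict[str, List[str]] = {}
    for e in entries:
        p = e.path.lower()
        reasons: List[str] = []
        # Rule 1: the path (or something under it) is named in the remediation post.
        if any(p == w or p.startswith(w + "\\") for w in wanted):
            reasons.append("named in remediation post")
        # Rules 2 and 3 only apply to kernel drivers.
        if "\\drivers\\" in p and p.endswith(".sys"):
            if day is not None and e.created.date() == day == e.modified.date():
                reasons.append("driver created on scan day")
            stem = p.rsplit("\\", 1)[-1][:-4]
            if len(stem) >= 6 and not set(stem) & VOWELS:
                reasons.append("vowel-free driver name (noisy heuristic)")
        if reasons:
            findings[e.path] = reasons
    return findings


def main() -> None:
    entries = parse_find3m(SAMPLE_LOG)
    for path, why in triage(entries, scan_day(SAMPLE_LOG), REMEDIATION_PATHS).items():
        print(f"{path}\n    {'; '.join(why)}")


if __name__ == "__main__":
    main()
```

Run against the pasted report, the script prints the two Upromise folders (rule 1) and `c:\windows\system32\drivers\dxbjvwf.sys` (rules 2 and 3); `mfehidk.sys`, a McAfee driver, passes both driver rules because it has vowels and was created weeks before the scan. The vowel rule is there to show how cheap name heuristics behave on real data: it would also fire on short legitimate vendor names, which is why it is labelled noisy and reported as a separate reason rather than folded into the scan-day rule.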

#19
November 27, 2009 at 05:08:42
jabuck,

First I just want to thank you so much for taking time to help me! I truly appreciate it. I have taken all the steps in your last post. I will test it throughout the day and let you know if it starts to redirect me again. I have one question for now. Should I continue running McAfee & Spywareblaster at the same time or should I just get rid of McAfee? Thanks again!!!!



#20
November 27, 2009 at 05:34:49
Run them both; McAfee is an antivirus and Spywareblaster is an anti-spyware program.

Glad we could help.


