Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojandownloader.xs [RESOLVED]


  • This topic is locked This topic is locked

#1
LindaGee

LindaGee

    Member

  • Member
  • PipPip
  • 13 posts
My desk top turned black with a purple hue surrounding all my icons. In red, there is a large text message saying my computer is infected and what my IP addres is further explaining I should seek antispyware assistance. I then started getting a little yellow triangle on my toolbar that when I clicked stated I have Trojandownloader.xs. When I click the link to go to the Microsoft web page for instructions on what to do Explorer opens up a page that is trying to sell me a spyware removal program. I also get alot of additional pop ups. When I try to enter Task Manager my computer states that it is blocked by the administrator... Even though I have only one user (the admin account).

What I have tried so far is what you say to do in your before you post section. However, some of the sites were disabled by my computer. Here are my log files:



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:43:49 AM , on 3/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\WINDOWS\system32\ThpSrv.exe

C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\System32\tabbtnu.exe

C:\WINDOWS\system32\mgmrwmrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\TPSODDCtl.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe

C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe

C:\WINDOWS\system32\thpsrv.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE

C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe

O4 - HKLM\..\Run: [TabletTip] "C:\Program files\Common Files\microsoft shared\ink\tabtip.exe" /resume

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe

O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe

O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run

O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon

O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service

O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe

O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"

O4 - HKCU\..\Run: [QdrPack13] "C:\Program Files\QdrPack\QdrPack13.exe"

O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe

O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O15 - Trusted Zone: http://www.crosswalk.com

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe

O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe

O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe



--

End of file - 15568 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello LindaGee

Welcome to G2Go. :)
=====================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
LindaGee

LindaGee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 08-03-09.1 - Linda Goodson 2008-03-09 5:39:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.99 [GMT -10:00]
Running from: C:\Documents and Settings\Linda Goodson\Local Settings\Temporary Internet Files\Content.IE5\TP7K0SEH\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\awtqqpq.dll
C:\WINDOWS\system32\dfeeg.ini
C:\WINDOWS\system32\dfeeg.ini2
C:\WINDOWS\system32\geefd.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-09 05:51 . 2008-03-09 05:58 <DIR> d-------- C:\Program Files\seekmo
2008-03-09 03:42 . 2008-03-09 03:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 16:52 . 2008-03-08 16:52 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-08 15:45 . 2008-03-08 15:45 <DIR> d-------- C:\Program Files\stc
2008-03-08 15:44 . 2008-03-08 15:44 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-08 15:44 . 2008-03-08 15:44 <DIR> d-------- C:\Program Files\zango
2008-03-08 15:44 . 2008-03-08 15:44 <DIR> d-------- C:\Program Files\180solutions
2008-03-08 15:44 . 2008-03-08 15:44 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-08 15:44 . 2008-03-08 15:45 <DIR> d-------- C:\Program Files\180search assistant
2008-03-08 15:44 . 2008-03-08 15:44 30,208 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-08 15:44 . 2008-03-08 15:44 28,928 --a------ C:\WINDOWS\didduid.ini
2008-03-08 14:26 . 2008-03-08 14:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-08 14:26 . 2008-03-08 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 14:25 . 2008-03-08 14:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 09:28 . 2008-03-08 09:28 <DIR> d-------- C:\WINDOWS\Antivirus Pro
2008-03-08 09:03 . 2008-03-08 09:03 0 --a------ C:\WINDOWS\pestpatrol5.INI
2008-03-08 08:26 . 2008-03-08 08:26 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-08 08:10 . 2008-03-08 08:10 295,819 --a------ C:\WINDOWS\system32\LCA53.tmp
2008-03-08 08:10 . 2008-03-08 08:10 88,587 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-03-08 08:10 . 2008-03-08 08:10 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-08 08:09 . 2008-03-08 08:09 229,532 --a------ C:\WINDOWS\system32\LA7D3.tmp
2008-03-08 08:09 . 2008-03-08 08:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-08 08:09 . 2008-03-08 08:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-07 11:00 . 2008-03-07 11:00 26,416 --a------ C:\WINDOWS\system32\SeriesE_FCF0BNA.UCF
2008-03-03 01:56 . 2008-03-03 01:56 26,416 --a------ C:\WINDOWS\system32\E_FCF0BNA.UCF
2008-03-03 01:50 . 2008-03-03 01:50 <DIR> d-------- C:\Documents and Settings\Linda Goodson\Application Data\ArcSoft
2008-03-01 05:05 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-01 05:05 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-01 04:23 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-03-01 04:21 . 2008-03-01 04:21 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-03-01 04:20 . 2008-03-01 04:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-03-01 04:18 . 2008-03-01 04:23 <DIR> d-------- C:\Program Files\EPSON
2008-03-01 04:18 . 2004-06-23 15:20 309,760 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-03-01 04:18 . 2004-03-11 15:30 82,944 --a------ C:\WINDOWS\system32\EAL.EXE
2008-03-01 04:18 . 2006-05-07 16:00 75,264 --a------ C:\WINDOWS\system32\E_FLBBNA.DLL
2008-03-01 04:18 . 2006-04-18 16:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBNA.DLL
2008-03-01 04:18 . 2004-06-23 15:20 58 --a------ C:\WINDOWS\system32\EAL32.INI
2008-03-01 04:18 . 2008-03-01 04:18 57 --a------ C:\WINDOWS\EPSPR260.ini
2008-02-29 08:58 . 2008-02-29 08:58 <DIR> d-------- C:\Documents and Settings\Linda Goodson\Application Data\Sonic
2008-02-29 05:35 . 2008-02-29 05:36 <DIR> d-------- C:\epson
2008-02-28 18:46 . 2001-08-17 22:36 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-02-28 18:46 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-02-28 18:46 . 2001-08-17 22:36 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-02-28 18:46 . 2001-08-17 22:36 71,680 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-02-28 18:46 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-02-28 18:46 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-02-25 06:21 . 2008-03-08 18:30 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-02-25 05:55 . 2007-03-05 14:24 2,134,016 --a------ C:\WINDOWS\system32\cdintf251.dll
2008-02-25 05:54 . 2008-02-25 05:54 <DIR> d-------- C:\Program Files\Common Files\ADPCSG
2008-02-25 05:50 . 2008-02-25 05:50 <DIR> d-------- C:\WINDOWS\ADPTemp
2008-02-25 05:50 . 2008-02-25 05:50 <DIR> d-------- C:\WINDOWS\ADPEMSTemplates
2008-02-25 05:50 . 2008-02-25 05:50 <DIR> d-------- C:\WINDOWS\ADPClaimPDFs
2008-02-25 05:50 . 2008-02-25 05:50 <DIR> d-------- C:\WINDOWS\ADPClaimJPGs
2008-02-25 05:50 . 2008-02-25 06:43 <DIR> d-------- C:\Program Files\adpe
2008-02-23 15:24 . 2008-02-23 15:24 <DIR> d-------- C:\SMART
2008-02-22 06:12 . 2008-02-23 14:55 99 --a------ C:\WINDOWS\cdplayer.ini
2008-02-21 14:51 . 2008-02-21 14:51 <DIR> d-------- C:\Program Files\MeeSoft
2008-02-17 10:23 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 10:22 . 2008-02-17 10:23 <DIR> d-------- C:\Program Files\Java
2008-02-15 07:22 . 2008-02-15 07:22 1,158 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 15:55 78,546 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-03-09 15:52 29,184 ----a-w C:\WINDOWS\mssvr.exe
2008-03-09 15:52 24,576 ----a-w C:\WINDOWS\stcloader.exe
2008-03-09 15:52 22,528 ----a-w C:\WINDOWS\voiceip.dll
2008-03-09 15:52 16,896 ----a-w C:\WINDOWS\cdsm32.dll
2008-03-09 15:52 16,640 ----a-w C:\WINDOWS\bokja.exe
2008-03-09 15:52 14,592 ----a-w C:\WINDOWS\swin32.dll
2008-03-09 15:51 8,960 ----a-w C:\WINDOWS\salm.exe
2008-03-09 15:51 27,648 ----a-w C:\WINDOWS\2020search2.dll
2008-03-09 15:51 22,528 ----a-w C:\WINDOWS\saiemod.dll
2008-03-09 15:51 19,200 ----a-w C:\WINDOWS\2020search.dll
2008-03-09 15:51 15,360 ----a-w C:\WINDOWS\mspphe.dll
2008-03-09 15:51 14,080 ----a-w C:\WINDOWS\bjam.dll
2008-03-09 15:51 12,800 ----a-w C:\WINDOWS\180ax.exe
2008-03-09 15:51 11,008 ----a-w C:\WINDOWS\updatetc.exe
2008-03-01 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 14:22 --------- d-----w C:\Program Files\ArcSoft
2008-02-29 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-02-28 14:49 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2008-02-28 14:49 --------- d-----w C:\Documents and Settings\Linda Goodson\Application Data\Road Runner
2008-02-28 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Road Runner
2008-02-24 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-20 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-20 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-20 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-20 00:53 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-20 00:52 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-20 00:51 --------- d-----w C:\Program Files\Roxio
2008-01-16 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo
2008-01-14 23:39 --------- d-----w C:\Documents and Settings\Linda Goodson\Application Data\Move Networks
2008-01-14 03:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-14 03:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-14 03:29 --------- d-----w C:\Program Files\Real
2008-01-14 03:29 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-14 03:29 --------- d-----w C:\Program Files\Common Files\Real
2008-01-11 05:47 --------- d-----w C:\Documents and Settings\Linda Goodson\Application Data\Snapfish
2007-12-14 21:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
C:\Program Files\QdrDrive\QdrDrive12.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 06:24 1694208]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 22:32 65536]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
"EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-18 18:00 139264]
"AntiVirusProMFC"="C:\Program Files\Antivirus Pro\Antivirus Pro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-13 23:05 122939]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 02:00 16384]
"TabletTip"="C:\Program files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 02:00 271872]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-25 06:56 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-25 06:52 126976]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 06:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 05:27 860160]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-10 15:21 258048]
"CrossMenu"="C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe" [2005-01-06 15:37 798720]
"000StTHK"="000StTHK.exe" [2001-06-23 18:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 19:40 196608]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 12:43 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 10:38 88361 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-12-27 17:31 270336 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2004-12-27 17:32 110592 C:\WINDOWS\system32\TPSODDCtl.exe]
"NDSTray.exe"="NDSTray.exe" []
"TAcelMgr"="C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-16 09:56 90112]
"TSkrMain"="C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-06-30 14:29 49152]
"ThpSrv"="c:\WINDOWS\system32\thpsrv /logon" [ ]
"TFNF5"="TFNF5.exe" [2004-06-28 08:16 73728 C:\WINDOWS\system32\TFNF5.exe]
"TosRotation"="C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2004-12-13 17:25 266240]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 13:03 135168]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 16:00 126976]
"TFncKy"="TFncKy.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-12 15:57 73728]
"TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-12-14 09:50 340032]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2005-01-18 12:18 126976]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2004-12-06 19:54 81920]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.exe" [2003-08-01 12:56 86016]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2004-11-03 09:12 147456]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 09:27 385024]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 15:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 13:18 241664]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 20:25 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-01-03 12:00 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 11:42 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-02-29 09:17 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-02-29 09:17 173320]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-02-29 09:17 259336]
"IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 06:37 475136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-07 13:42 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 17:29 185896]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 05:07 228088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"eTrustPPAP"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe" [2008-03-08 08:56 258048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]

C:\Documents and Settings\Linda Goodson\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-11 19:57:52 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-01 09:31:14 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 03:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 21:01:04 83360]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-07 11:35:29 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 09:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 02:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 12:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 01:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 02:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 09:46]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 20:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 09:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 12:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 12:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 13:28]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 09:08]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 09:46]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 03:54]
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service []
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 08:23]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 08:39]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 12:30]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-12 11:02]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-16 19:10]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 19:48]
R3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 13:04]
S3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-11-30 14:04]
S3 TMicAry;Toshiba Audio Effect with MicArray;C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 08:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 00:00:15 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Linda Goodson at 1 59 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-03-09 15:58:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-09 04:00:09 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\[email protected]
"2008-03-09 00:03:11 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F73D8017-CFCB-4548-A6CF-DCB9523F935D}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 05:59:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\MSIXU.DLL 24320 bytes
C:\WINDOWS\system32\WER8274.DLL 16896 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
.
**************************************************************************
.
Completion time: 2008-03-09 6:05:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 16:04:49
.
2008-02-14 13:08:53 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:11 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AntiVirusProMFC] C:\Program Files\Antivirus Pro\Antivirus Pro.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 17325 bytes
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You will have to redownload Combofix to your desktop to do the following:


1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\LCA53.tmp
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\LA7D3.tmp
C:\WINDOWS\mssvr.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\2020search2.dll
C:\WINDOWS\saiemod.dll
C:\WINDOWS\2020search.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\system32\MSIXU.DLL 
C:\WINDOWS\system32\WER8274.DLL 
Folder::
C:\Program Files\seekmo
C:\WINDOWS\FLEOK
C:\Program Files\zango
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\180search assistant
C:\WINDOWS\Antivirus Pro
C:\Program Files\Sysmnt
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiVirusProMFC"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
Dirlook::
C:\Program Files\stc


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:Combofix.txt
================================================================================

Then::

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

Edited by kahdah, 09 March 2008 - 11:34 AM.
code

  • 0

#5
LindaGee

LindaGee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 08-03-09.1 - Linda Goodson 2008-03-09 7:53:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.118 [GMT -10:00]
Running from: C:\Documents and Settings\Linda Goodson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Linda Goodson\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\LA7D3.tmp
C:\WINDOWS\system32\LCA53.tmp
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\MSIXU.DLL
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\WER8274.DLL
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\Antivirus Pro
C:\WINDOWS\Antivirus Pro\uninstall.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\LA7D3.tmp
C:\WINDOWS\system32\LCA53.tmp
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-09 03:42 . 2008-03-09 03:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 16:52 . 2008-03-08 16:52 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-08 15:45 . 2008-03-08 15:45 <DIR> d-------- C:\Program Files\stc
2008-03-08 14:26 . 2008-03-08 14:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-08 14:26 . 2008-03-08 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 14:25 . 2008-03-08 14:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 09:03 . 2008-03-08 09:03 0 --a------ C:\WINDOWS\pestpatrol5.INI
2008-03-08 08:09 . 2008-03-08 08:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-08 08:09 . 2008-03-08 08:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-07 11:00 . 2008-03-07 11:00 26,416 --a------ C:\WINDOWS\system32\SeriesE_FCF0BNA.UCF
2008-03-03 01:56 . 2008-03-03 01:56 26,416 --a------ C:\WINDOWS\system32\E_FCF0BNA.UCF
2008-03-03 01:50 . 2008-03-03 01:50 <DIR> d-------- C:\Documents and Settings\Linda Goodson\Application Data\ArcSoft
2008-03-01 05:05 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-01 05:05 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-01 04:23 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-03-01 04:21 . 2008-03-01 04:21 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-03-01 04:20 . 2008-03-01 04:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-03-01 04:18 . 2008-03-01 04:23 <DIR> d-------- C:\Program Files\EPSON
2008-03-01 04:18 . 2004-06-23 15:20 309,760 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-03-01 04:18 . 2004-03-11 15:30 82,944 --a------ C:\WINDOWS\system32\EAL.EXE
2008-03-01 04:18 . 2006-05-07 16:00 75,264 --a------ C:\WINDOWS\system32\E_FLBBNA.DLL
2008-03-01 04:18 . 2006-04-18 16:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBNA.DLL
2008-03-01 04:18 . 2004-06-23 15:20 58 --a------ C:\WINDOWS\system32\EAL32.INI
2008-03-01 04:18 . 2008-03-01 04:18 57 --a------ C:\WINDOWS\EPSPR260.ini
2008-02-29 08:58 . 2008-02-29 08:58 <DIR> d-------- C:\Documents and Settings\Linda Goodson\Application Data\Sonic
2008-02-29 05:35 . 2008-02-29 05:36 <DIR> d-------- C:\epson
2008-02-28 18:46 . 2001-08-17 22:36 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2008-02-28 18:46 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-02-28 18:46 . 2001-08-17 22:36 71,680 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-02-28 18:46 . 2001-08-17 22:36 71,680 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-02-28 18:46 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-02-28 18:46 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-02-25 06:21 . 2008-03-08 18:30 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-02-25 05:55 . 2007-03-05 14:24 2,134,016 --a------ C:\WINDOWS\system32\cdintf251.dll
2008-02-25 05:54 . 2008-02-25 05:54 <DIR> d-------- C:\Program Files\Common Files\ADPCSG
2008-02-25 05:50 . 2008-02-25 05:50 <DIR> d-------- C:\WINDOWS\ADPTemp
2008-02-25 05:50 . 2008-02-25 05:50 <DIR> d-------- C:\WINDOWS\ADPEMSTemplates
2008-02-25 05:50 . 2008-02-25 05:50 <DIR> d-------- C:\WINDOWS\ADPClaimPDFs
2008-02-25 05:50 . 2008-02-25 05:50 <DIR> d-------- C:\WINDOWS\ADPClaimJPGs
2008-02-25 05:50 . 2008-02-25 06:43 <DIR> d-------- C:\Program Files\adpe
2008-02-23 15:24 . 2008-02-23 15:24 <DIR> d-------- C:\SMART
2008-02-22 06:12 . 2008-02-23 14:55 99 --a------ C:\WINDOWS\cdplayer.ini
2008-02-21 14:51 . 2008-02-21 14:51 <DIR> d-------- C:\Program Files\MeeSoft
2008-02-17 10:23 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 10:22 . 2008-02-17 10:23 <DIR> d-------- C:\Program Files\Java
2008-02-15 07:22 . 2008-02-15 07:22 1,158 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 15:55 78,546 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-03-09 15:55 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-03-01 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 14:22 --------- d-----w C:\Program Files\ArcSoft
2008-02-29 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-02-28 14:49 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
2008-02-28 14:49 --------- d-----w C:\Documents and Settings\Linda Goodson\Application Data\Road Runner
2008-02-28 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Road Runner
2008-02-24 00:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-20 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-01-20 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-20 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-20 00:53 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-20 00:52 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-20 00:51 --------- d-----w C:\Program Files\Roxio
2008-01-16 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo
2008-01-14 23:39 --------- d-----w C:\Documents and Settings\Linda Goodson\Application Data\Move Networks
2008-01-14 03:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-14 03:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-14 03:29 --------- d-----w C:\Program Files\Real
2008-01-14 03:29 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-14 03:29 --------- d-----w C:\Program Files\Common Files\Real
2008-01-11 05:47 --------- d-----w C:\Documents and Settings\Linda Goodson\Application Data\Snapfish
2007-12-14 21:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\stc ----

2008-03-08 15:45 19968 --a------ C:\Program Files\stc\csv5p070.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 06:24 1694208]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 22:32 65536]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
"EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-18 18:00 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-13 23:05 122939]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 02:00 16384]
"TabletTip"="C:\Program files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 02:00 271872]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-25 06:56 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-25 06:52 126976]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 06:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 05:27 860160]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2004-08-10 15:21 258048]
"CrossMenu"="C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe" [2005-01-06 15:37 798720]
"000StTHK"="000StTHK.exe" [2001-06-23 18:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 19:40 196608]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 12:43 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 10:38 88361 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-12-27 17:31 270336 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2004-12-27 17:32 110592 C:\WINDOWS\system32\TPSODDCtl.exe]
"NDSTray.exe"="NDSTray.exe" []
"TAcelMgr"="C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-16 09:56 90112]
"TSkrMain"="C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-06-30 14:29 49152]
"ThpSrv"="c:\WINDOWS\system32\thpsrv /logon" [ ]
"TFNF5"="TFNF5.exe" [2004-06-28 08:16 73728 C:\WINDOWS\system32\TFNF5.exe]
"TosRotation"="C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2004-12-13 17:25 266240]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 13:03 135168]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 16:00 126976]
"TFncKy"="TFncKy.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-12 15:57 73728]
"TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2004-12-14 09:50 340032]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2005-01-18 12:18 126976]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2004-12-06 19:54 81920]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.exe" [2003-08-01 12:56 86016]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2004-11-03 09:12 147456]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 09:27 385024]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 15:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 13:18 241664]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 20:25 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-01-03 12:00 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 11:42 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-02-29 09:17 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-02-29 09:17 173320]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-02-29 09:17 259336]
"IVPServiceMgr"="C:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 06:37 475136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-07 13:42 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 17:29 185896]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 05:07 228088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"eTrustPPAP"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe" [2008-03-08 08:56 258048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]

C:\Documents and Settings\Linda Goodson\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-11 19:57:52 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-01 09:31:14 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 03:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 21:01:04 83360]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-07 11:35:29 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 09:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 02:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 12:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 01:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 02:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 09:46]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 20:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 09:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 12:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 12:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 13:28]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 09:08]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 09:46]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 03:54]
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service []
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 08:23]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 08:39]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 12:30]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-12 11:02]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-16 19:10]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 19:48]
R3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 13:04]
S3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-11-30 14:04]
S3 TMicAry;Toshiba Audio Effect with MicArray;C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 08:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 00:00:15 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Linda Goodson at 1 59 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-03-09 15:58:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-09 04:00:09 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\[email protected]
"2008-03-09 00:03:11 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F73D8017-CFCB-4548-A6CF-DCB9523F935D}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 07:58:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 8:00:44
ComboFix-quarantined-files.txt 2008-03-09 18:00:36
ComboFix2.txt 2008-03-09 16:05:05
.
2008-02-14 13:08:53 --- E O F ---
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\stc
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===============
Then proceed with MalwareBytes antimalware please.
  • 0

#7
LindaGee

LindaGee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Malwarebytes' Anti-Malware 1.07
Database version: 471

Scan type: Full Scan (C:\|)
Objects scanned: 103570
Time elapsed: 23 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{71493218-e553-4fa8-85e2-e6d18fa75509} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f4f41439-82fc-4681-acb0-7d3798f685c0} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e33f406-ab8f-4153-a5c8-089aeff5cc87} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\mrofinu72.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP95\A0029168.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP95\A0029208.exe (Rogue.Antivirus Pro) -> Quarantined and deleted successfully.
C:\WINDOWS\Antivirus Pro Setup Log.txt (Rogue.AntivirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\Antivirus Pro Uninstall Log.txt (Rogue.AntivirusPro) -> Quarantined and deleted successfully.
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#9
LindaGee

LindaGee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It doesn't give a report. after I okay for active X, a pop up says for me to retry. Perhaps this is saying there is no detection of anything malicious?
Computer is working much better now and no more warning pop ups.
Thank you so much. Going to hit the gold donate button now.
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Thanks for your donation.
The scan has to load several Active x components.
Evertime it asks you to retry click the retry button.

If you cannot get the scan to work try the following::

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#11
LindaGee

LindaGee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sunday, March 09, 2008 4:13:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/03/2008
Kaspersky Anti-Virus database records: 620555


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 77507
Number of viruses found 3
Number of infected objects 9
Number of suspicious objects 0
Duration of the scan process 01:02:12

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03082008-165345.log Object is locked skipped

C:\Documents and Settings\Linda Goodson\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Application Data\ApplicationHistory\TabTip.exe.d009f891.ini.inuse Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8F5558BC-DA52-42FA-9859-4B8D2558F6A5} Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temp\~DF2A9E.tmp Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temp\~DF4D0E.tmp Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temp\~DF5379.tmp Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temp\~DF7EA8.tmp Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temp\~DFDF9F.tmp Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temp\~DFE263.tmp Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temp\~DFEF58.tmp Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Linda Goodson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Linda Goodson\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Linda Goodson\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\CA\SharedComponents\PPRT\logs\2008-03-09.csv Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir NSIS: infected - 1 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\mgmrwmrv.exe.vir Infected: not-virus:Hoax.Win32.Renos.bbw skipped

C:\QooBox\Quarantine\catchme2008-03-09_ 55644.95.zip/awtqqpq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\catchme2008-03-09_ 55644.95.zip/geefd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\catchme2008-03-09_ 55644.95.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP95\A0029167.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP95\A0029167.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP96\A0029286.exe Infected: not-virus:Hoax.Win32.Renos.bbw skipped

C:\System Volume Information\_restore{F962517D-1FFA-44F6-9BAC-05867459463C}\RP96\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Why do I have a panda icon on my tabs now?
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

Why do I have a panda icon on my tabs now?

Not sure you can uninstall that now.
==========================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
=======================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image

The above procedure will delete and do the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete\uninstall anything that we used that is left over.

Doing the above will remove what is left over in the Kaspersky scan
===========================================================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#13
LindaGee

LindaGee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I was unable to do the last part.

The above procedure will delete and do the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Clean System Restore points.


But it seems all of the above has been done.
Thank you so much.
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Uninstalling Combofix does all of that so you are good to go. :)
  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP