Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32:Delf-IWD [RESOLVED]


  • This topic is locked This topic is locked

#1
derek01f

derek01f

    Member

  • Member
  • PipPip
  • 51 posts
this thing has a been a pain in the a$$

avast keeps finding it. i keep deleting it and it keeps coming back. thanks

heres the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:46 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\perfs.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
C:\WINDOWS\system\Cm106eye.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\TripleSync\TSync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.17.6.3/tsweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.6.135:80
O1 - Hosts: 172.17.6.134 NPIE0938F
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TOSUSBSvr] C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TSync.lnk = C:\Program Files\TripleSync\TSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204567559250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206469195265
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://172.17.6.3/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cambria.local
O17 - HKLM\Software\..\Telephony: DomainName = cambria.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C44B3F5B-FCD1-4ED4-9ABE-D72D0BCE72B2}: NameServer = 172.17.6.1,172.17.5.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cambria.local
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 15480 bytes
  • 0

Advertisements


#2
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
anybody got anything????
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#4
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
ComboFix Log:

ComboFix 08-04-26.3 - Dkauffman 2008-05-01 9:34:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1078 [GMT -4:00]
Running from: C:\Documents and Settings\Dkauffman\Desktop\ComboFix.exe
Command switches used :: C:\downloads\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\keygen.exe
C:\WINDOWS\system32\tmp0_755824685943.bk
C:\WINDOWS\system32\tmp4_131487143603.bk
C:\WINDOWS\system32\tmp4_303849262150.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Service_perfmons


((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-30 14:57 . 2008-04-30 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 09:00 . 2008-04-30 09:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-29 15:14 . 2008-04-29 15:14 <DIR> d-------- C:\Program Files\CCleaner
2008-04-24 11:07 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-04-24 11:06 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-24 11:05 . 2004-08-04 08:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-24 11:04 . 2004-08-04 08:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-24 11:03 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-24 11:02 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-24 11:01 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-24 11:00 . 2004-08-04 08:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-24 10:59 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-24 10:58 . 2004-08-04 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-24 10:57 . 2004-08-04 08:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-24 10:56 . 2004-08-04 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-24 10:55 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-04-24 10:54 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-24 10:53 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-24 10:52 . 2004-08-04 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-24 10:51 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-24 10:50 . 2004-08-04 08:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-22 12:04 . 2008-04-22 12:04 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-21 14:46 . 2008-04-21 14:46 <DIR> d-------- C:\MediaVBS
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-21 11:26 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-21 11:26 . 2008-04-21 11:26 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\Program Files\MSBuild
2008-04-21 11:24 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-09 10:38 . 2008-04-14 09:16 <DIR> d-------- C:\Documents and Settings\Dkauffman\Contacts
2008-04-09 10:17 . 2008-04-09 10:17 <DIR> d-------- C:\WINDOWS\SchCache
2008-04-02 12:43 . 2008-04-02 12:43 <DIR> d-------- C:\Program Files\Advanced IP Scanner
2008-04-02 03:00 . 2008-04-02 03:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-01 10:38 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-01 10:38 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-01 09:53 . 2008-04-01 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-01 09:53 . 2008-04-01 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-01 09:48 . 2008-04-01 09:48 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-01 09:48 . 2004-08-20 09:02 102,400 --a------ C:\WINDOWS\system32\PMLJNI.dll
2008-04-01 09:48 . 2003-06-16 17:52 74,752 --a------ C:\WINDOWS\system32\jst.dll
2008-04-01 09:48 . 2004-05-10 16:11 40,960 --a------ C:\WINDOWS\system32\d4channel.dll
2008-04-01 09:48 . 2003-06-20 13:21 36,864 --a------ C:\WINDOWS\system32\hpbmmjno.dll
2008-04-01 09:48 . 2005-02-03 13:31 32,768 --a------ C:\WINDOWS\system32\compJNI.dll
2008-04-01 09:45 . 2008-04-01 09:47 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-01 09:44 . 2008-04-01 09:48 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-01 09:44 . 2008-04-01 09:44 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-01 09:43 . 2004-12-24 11:07 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-01 09:43 . 2004-12-24 11:05 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-01 09:43 . 2004-12-24 11:07 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-01 09:41 . 2008-04-21 11:28 <DIR> d-------- C:\Temp
2008-04-01 09:41 . 2008-04-01 09:42 682 --a------ C:\WINDOWS\hpntwksetup.ini
2008-04-01 09:40 . 2008-04-01 09:47 <DIR> d-------- C:\Program Files\HP
2008-04-01 09:32 . 2008-04-01 09:32 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-04-01 09:32 . 2008-04-01 09:58 53,975 --a------ C:\WINDOWS\hppins01.dat
2008-04-01 09:32 . 2005-04-08 12:52 2,392 --------- C:\WINDOWS\hppmdl01.dat
  • 0

#5
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
New Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52, on 2008-05-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
C:\WINDOWS\system\Cm106eye.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\TripleSync\TSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.17.6.3/tsweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.6.135:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TOSUSBSvr] C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TSync.lnk = C:\Program Files\TripleSync\TSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204567559250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206469195265
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://172.17.6.3/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cambria.local
O17 - HKLM\Software\..\Telephony: DomainName = cambria.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C44B3F5B-FCD1-4ED4-9ABE-D72D0BCE72B2}: NameServer = 172.17.6.1,172.17.5.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cambria.local
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 15015 bytes
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log again, a lot of it is missing
  • 0

#7
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
sure
  • 0

#8
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
thats all thats in it... should i just run it again??
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Strange

Yes try run it again and post the log
  • 0

#10
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
ok
  • 0

Advertisements


#11
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
here ya go combofix log:

ComboFix 08-04-26.3 - Dkauffman 2008-05-01 10:13:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1197 [GMT -4:00]
Running from: C:\Documents and Settings\Dkauffman\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\internet explorer\keygen.exe
C:\WINDOWS\system32\tmp0_755824685943.bk
C:\WINDOWS\system32\tmp4_131487143603.bk
C:\WINDOWS\system32\tmp4_303849262150.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Service_perfmons


((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-30 14:57 . 2008-04-30 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 09:00 . 2008-04-30 09:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-29 15:14 . 2008-04-29 15:14 <DIR> d-------- C:\Program Files\CCleaner
2008-04-24 11:07 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-04-24 11:06 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-24 11:05 . 2004-08-04 08:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-24 11:04 . 2004-08-04 08:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-24 11:03 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-24 11:02 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-24 11:01 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-24 11:00 . 2004-08-04 08:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-24 10:59 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-24 10:58 . 2004-08-04 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-24 10:57 . 2004-08-04 08:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-24 10:56 . 2004-08-04 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-24 10:55 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-04-24 10:54 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-24 10:53 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-24 10:52 . 2004-08-04 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-24 10:51 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-24 10:50 . 2004-08-04 08:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-22 12:04 . 2008-04-22 12:04 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-21 14:46 . 2008-04-21 14:46 <DIR> d-------- C:\MediaVBS
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-21 11:26 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-21 11:26 . 2008-04-21 11:26 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\Program Files\MSBuild
2008-04-21 11:24 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-09 10:38 . 2008-04-14 09:16 <DIR> d-------- C:\Documents and Settings\Dkauffman\Contacts
2008-04-09 10:17 . 2008-04-09 10:17 <DIR> d-------- C:\WINDOWS\SchCache
2008-04-02 12:43 . 2008-04-02 12:43 <DIR> d-------- C:\Program Files\Advanced IP Scanner
2008-04-02 03:00 . 2008-04-02 03:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-01 10:38 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-01 10:38 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-01 09:53 . 2008-04-01 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-01 09:53 . 2008-04-01 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-01 09:48 . 2008-04-01 09:48 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-01 09:48 . 2004-08-20 09:02 102,400 --a------ C:\WINDOWS\system32\PMLJNI.dll
2008-04-01 09:48 . 2003-06-16 17:52 74,752 --a------ C:\WINDOWS\system32\jst.dll
2008-04-01 09:48 . 2004-05-10 16:11 40,960 --a------ C:\WINDOWS\system32\d4channel.dll
2008-04-01 09:48 . 2003-06-20 13:21 36,864 --a------ C:\WINDOWS\system32\hpbmmjno.dll
2008-04-01 09:48 . 2005-02-03 13:31 32,768 --a------ C:\WINDOWS\system32\compJNI.dll
2008-04-01 09:45 . 2008-04-01 09:47 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-01 09:44 . 2008-04-01 09:48 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-01 09:44 . 2008-04-01 09:44 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-01 09:43 . 2004-12-24 11:07 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-01 09:43 . 2004-12-24 11:05 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-01 09:43 . 2004-12-24 11:07 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-01 09:41 . 2008-04-21 11:28 <DIR> d-------- C:\Temp
2008-04-01 09:41 . 2008-04-01 09:42 682 --a------ C:\WINDOWS\hpntwksetup.ini
2008-04-01 09:40 . 2008-04-01 09:47 <DIR> d-------- C:\Program Files\HP
2008-04-01 09:32 . 2008-04-01 09:32 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-04-01 09:32 . 2008-04-01 09:58 53,975 --a------ C:\WINDOWS\hppins01.dat
2008-04-01 09:32 . 2005-04-08 12:52 2,392 --------- C:\WINDOWS\hppmdl01.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 14:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-05-01 14:10 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\TripleSync
2008-05-01 13:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-21 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 14:37 --------- d-----w C:\Program Files\Windows Live
2008-04-09 14:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-09 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-03 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 19:01 --------- d-----w C:\Program Files\[email protected]
2008-03-31 18:50 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\MySpace
2008-03-31 18:49 --------- d-----w C:\Program Files\MySpace
2008-03-31 18:37 --------- d-----w C:\Program Files\UltraMon
2008-03-31 18:37 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2008-03-31 18:37 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Realtime Soft
2008-03-31 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-03-31 18:00 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Nero
2008-03-31 17:59 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-31 17:58 --------- d-----w C:\Program Files\Nero
2008-03-31 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-31 17:39 --------- d-----w C:\Program Files\TOSHIBA USB Audio
2008-03-31 17:38 --------- d-----w C:\Program Files\TOSHIBA Video Dock
2008-03-31 17:37 --------- d-----w C:\Program Files\Toshiba
2008-03-31 13:10 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-03-31 13:04 --------- d-----w C:\Program Files\DisplayLink Core Software
2008-03-27 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 19:02 --------- d-----w C:\Program Files\ExtraPutty 0.22
2008-03-26 14:40 --------- d-----w C:\Program Files\Java
2008-03-26 12:46 --------- d-----w C:\Program Files\Microsoft Learning
2008-03-25 20:27 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-25 20:20 --------- d-----w C:\Program Files\Netflix
2008-03-25 00:47 --------- d-----w C:\Program Files\PayPal
2008-03-24 22:33 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-03-24 22:33 --------- d--h--w C:\Documents and Settings\Dkauffman\Application Data\GTek
2008-03-24 22:33 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-03-24 22:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gtek
2008-03-24 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\GrebleSoft
2008-03-24 13:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-24 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-24 12:37 --------- d-----w C:\Program Files\AIM6
2008-03-24 12:37 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\acccore
2008-03-24 12:36 --------- d-----w C:\Program Files\Viewpoint
2008-03-24 12:36 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-24 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-24 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 17:11 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-03-18 17:11 --------- d-----w C:\Program Files\Cisco Systems
2008-03-17 16:51 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2008-03-17 14:55 --------- d-----w C:\Program Files\BitLord
2008-03-17 14:47 --------- d-----w C:\Program Files\TripleSync
2008-03-12 14:50 --------- d-----w C:\Program Files\Snapshot Viewer
2008-03-12 14:49 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Microsoft Web Folders
2008-03-10 20:00 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-03-06 17:39 --------- d-----w C:\Program Files\PokerStars
2008-03-06 17:38 --------- d-----w C:\Program Files\Google
2008-03-06 17:34 --------- d-----w C:\Program Files\FileZilla
2008-03-06 17:31 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Talkback
2008-03-06 16:31 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Thunderbird
2008-03-06 15:29 --------- d-----w C:\Program Files\QuickTime
2008-03-06 15:29 --------- d-----w C:\Program Files\iTunes
2008-03-06 15:29 --------- d-----w C:\Program Files\iPod
2008-03-06 15:29 --------- d-----w C:\Program Files\Bonjour
2008-03-06 15:29 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Apple Computer
2008-03-06 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-06 15:28 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-06 15:28 --------- d-----w C:\Program Files\Apple Software Update
2008-03-06 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-06 15:26 --------- d-----w C:\Program Files\PowerISO
2008-03-06 15:23 --------- d-----w C:\Program Files\Network Stumbler
2008-03-06 15:14 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-03-06 15:11 --------- d-----w C:\Program Files\Alwil Software
2008-03-06 15:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-03 18:41 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-03 18:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-03 18:36 --------- d-----w C:\Program Files\Microsoft Small Business
2008-03-03 16:49 --------- d-----w C:\Program Files\TightVNC
2008-03-03 16:11 --------- d-----w C:\Program Files\McAfee
2008-03-03 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-03 14:53 319,488 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2008-03-03 14:53 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-03 14:53 --------- d-----w C:\Program Files\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-06-14 00:51 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 20:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 20:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 17:23 191552]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 17:16 454784]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-05 17:46 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-05 17:46 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-05 17:46 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 21:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-18 01:40 53248]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 13:50 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-04 19:04 860160]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-12-03 19:29 49168]
"NDSTray.exe"="NDSTray.exe" []
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-13 21:16 311296]
"ThpSrv"="C:\WINDOWS\system32\thpsrv /logon" [ ]
"TPSMain"="TPSMain.exe" [2005-06-01 00:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-09 21:07 159744]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2007-06-15 15:51 1773568]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-25 20:47 136816]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 20:47 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 20:44 970752]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2007-05-07 20:28 589824]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CFSServ.exe"="CFSServ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CM106Sound"="CM106.cpl" []
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
"TOSUSBSvr"="C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe" [2007-03-21 12:38 258048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2007-04-01 06:47 299520]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 12:57 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

C:\Documents and Settings\Dkauffman\Start Menu\Programs\Startup\
TSync.lnk - C:\Program Files\TripleSync\TSync.exe [2008-03-17 10:47:46 483328]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
VPN Client.lnk - C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-03-18 13:11:50 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2006-12-03 19:50 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2007-04-27 13:19]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2007-03-09 18:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 DisplayLinkService;DisplayLink Service;"C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe" [2007-07-06 00:45]
R2 pinger;pinger;C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 20:47]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 15:22]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 00:55]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 15:15]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-03 14:04]
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 00:42]
R3 CM1063264;C-Media CM106 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\CM106.sys [2007-02-02 18:29]
R3 DisplayLinkGA;DisplayLinkGA;C:\WINDOWS\system32\DRIVERS\DisplayLinkGAport.sys [2007-03-09 13:09]
R3 DisplayLinkmirror;DisplayLinkmirror;C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys [2007-03-09 13:16]
R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\WINDOWS\system32\DRIVERS\DisplayLinkUsbPort.sys [2007-06-06 11:02]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 19:21]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 17:27]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-12-03 19:21]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2007-02-22 18:10]
R3 tosrfec;Bluetooth ACPI;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 19:32]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
R3 UVCFTR;UVCFTR;C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS [2007-04-16 13:19]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 22:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{212f0910-f99b-11dc-807a-001de0b54e41}]
\Shell\AutoRun\command - F:\Launch.exe /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b552f96-1a99-11dc-a5f6-001b2420a182}]
\Shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 20:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 10:15:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 10:16:31
ComboFix-quarantined-files.txt 2008-05-01 14:16:24

Pre-Run: 74,865,803,264 bytes free
Post-Run: 74,852,098,048 bytes free

306 --- E O F --- 2008-04-22 07:00:27
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{212f0910-f99b-11dc-807a-001de0b54e41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b552f96-1a99-11dc-a5f6-001b2420a182}]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log and tell me how your PC is running
  • 0

#13
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
ok heres the new combofix log:

ComboFix 08-04-26.3 - Dkauffman 2008-05-01 10:26:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1167 [GMT -4:00]
Running from: C:\Documents and Settings\Dkauffman\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dkauffman\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-30 14:57 . 2008-04-30 14:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 09:00 . 2008-04-30 09:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-29 15:14 . 2008-04-29 15:14 <DIR> d-------- C:\Program Files\CCleaner
2008-04-24 11:07 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-04-24 11:06 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-24 11:05 . 2004-08-04 08:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-04-24 11:04 . 2004-08-04 08:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-24 11:03 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-24 11:02 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-24 11:01 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-24 11:00 . 2004-08-04 08:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-24 10:59 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-24 10:58 . 2004-08-04 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-24 10:57 . 2004-08-04 08:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-24 10:56 . 2004-08-04 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-24 10:55 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-04-24 10:54 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-24 10:53 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-24 10:52 . 2004-08-04 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-24 10:51 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-24 10:50 . 2004-08-04 08:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-22 12:04 . 2008-04-22 12:04 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-21 14:46 . 2008-04-21 14:46 <DIR> d-------- C:\MediaVBS
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-21 11:28 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-21 11:26 . 2008-04-21 11:28 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-04-21 11:26 . 2008-04-21 11:26 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-21 11:25 . 2008-04-21 11:25 <DIR> d-------- C:\Program Files\MSBuild
2008-04-21 11:24 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-09 10:38 . 2008-04-14 09:16 <DIR> d-------- C:\Documents and Settings\Dkauffman\Contacts
2008-04-09 10:17 . 2008-04-09 10:17 <DIR> d-------- C:\WINDOWS\SchCache
2008-04-02 12:43 . 2008-04-02 12:43 <DIR> d-------- C:\Program Files\Advanced IP Scanner
2008-04-02 03:00 . 2008-04-02 03:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-01 10:38 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-01 10:38 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-01 09:53 . 2008-04-01 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-01 09:53 . 2008-04-01 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-01 09:48 . 2008-04-01 09:48 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-01 09:48 . 2004-08-20 09:02 102,400 --a------ C:\WINDOWS\system32\PMLJNI.dll
2008-04-01 09:48 . 2003-06-16 17:52 74,752 --a------ C:\WINDOWS\system32\jst.dll
2008-04-01 09:48 . 2004-05-10 16:11 40,960 --a------ C:\WINDOWS\system32\d4channel.dll
2008-04-01 09:48 . 2003-06-20 13:21 36,864 --a------ C:\WINDOWS\system32\hpbmmjno.dll
2008-04-01 09:48 . 2005-02-03 13:31 32,768 --a------ C:\WINDOWS\system32\compJNI.dll
2008-04-01 09:45 . 2008-04-01 09:47 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-01 09:44 . 2008-04-01 09:48 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-01 09:44 . 2008-04-01 09:44 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-01 09:43 . 2004-12-24 11:07 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-01 09:43 . 2004-12-24 11:05 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-01 09:43 . 2004-12-24 11:07 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-01 09:41 . 2008-04-21 11:28 <DIR> d-------- C:\Temp
2008-04-01 09:41 . 2008-04-01 09:42 682 --a------ C:\WINDOWS\hpntwksetup.ini
2008-04-01 09:40 . 2008-04-01 09:47 <DIR> d-------- C:\Program Files\HP
2008-04-01 09:32 . 2008-04-01 09:32 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-04-01 09:32 . 2008-04-01 09:58 53,975 --a------ C:\WINDOWS\hppins01.dat
2008-04-01 09:32 . 2005-04-08 12:52 2,392 --------- C:\WINDOWS\hppmdl01.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 14:26 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\TripleSync
2008-05-01 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-05-01 13:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-21 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 14:37 --------- d-----w C:\Program Files\Windows Live
2008-04-09 14:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-09 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-03 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 19:01 --------- d-----w C:\Program Files\[email protected]
2008-03-31 18:50 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\MySpace
2008-03-31 18:49 --------- d-----w C:\Program Files\MySpace
2008-03-31 18:37 --------- d-----w C:\Program Files\UltraMon
2008-03-31 18:37 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2008-03-31 18:37 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Realtime Soft
2008-03-31 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-03-31 18:00 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Nero
2008-03-31 17:59 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-31 17:58 --------- d-----w C:\Program Files\Nero
2008-03-31 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-03-31 17:39 --------- d-----w C:\Program Files\TOSHIBA USB Audio
2008-03-31 17:38 --------- d-----w C:\Program Files\TOSHIBA Video Dock
2008-03-31 17:37 --------- d-----w C:\Program Files\Toshiba
2008-03-31 13:10 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-03-31 13:04 --------- d-----w C:\Program Files\DisplayLink Core Software
2008-03-27 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 19:02 --------- d-----w C:\Program Files\ExtraPutty 0.22
2008-03-26 14:40 --------- d-----w C:\Program Files\Java
2008-03-26 12:46 --------- d-----w C:\Program Files\Microsoft Learning
2008-03-25 20:27 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-25 20:20 --------- d-----w C:\Program Files\Netflix
2008-03-25 00:47 --------- d-----w C:\Program Files\PayPal
2008-03-24 22:33 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-03-24 22:33 --------- d--h--w C:\Documents and Settings\Dkauffman\Application Data\GTek
2008-03-24 22:33 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-03-24 22:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gtek
2008-03-24 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\GrebleSoft
2008-03-24 13:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-24 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-24 12:37 --------- d-----w C:\Program Files\AIM6
2008-03-24 12:37 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\acccore
2008-03-24 12:36 --------- d-----w C:\Program Files\Viewpoint
2008-03-24 12:36 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-24 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-24 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 17:11 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-03-18 17:11 --------- d-----w C:\Program Files\Cisco Systems
2008-03-17 16:51 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2008-03-17 14:55 --------- d-----w C:\Program Files\BitLord
2008-03-17 14:47 --------- d-----w C:\Program Files\TripleSync
2008-03-12 14:50 --------- d-----w C:\Program Files\Snapshot Viewer
2008-03-12 14:49 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Microsoft Web Folders
2008-03-10 20:00 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-03-06 17:39 --------- d-----w C:\Program Files\PokerStars
2008-03-06 17:38 --------- d-----w C:\Program Files\Google
2008-03-06 17:34 --------- d-----w C:\Program Files\FileZilla
2008-03-06 17:31 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Talkback
2008-03-06 16:31 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Thunderbird
2008-03-06 15:29 --------- d-----w C:\Program Files\QuickTime
2008-03-06 15:29 --------- d-----w C:\Program Files\iTunes
2008-03-06 15:29 --------- d-----w C:\Program Files\iPod
2008-03-06 15:29 --------- d-----w C:\Program Files\Bonjour
2008-03-06 15:29 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Apple Computer
2008-03-06 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-06 15:28 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-06 15:28 --------- d-----w C:\Program Files\Apple Software Update
2008-03-06 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-06 15:26 --------- d-----w C:\Program Files\PowerISO
2008-03-06 15:23 --------- d-----w C:\Program Files\Network Stumbler
2008-03-06 15:14 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-03-06 15:11 --------- d-----w C:\Program Files\Alwil Software
2008-03-06 15:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-03 18:41 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-03 18:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-03 18:36 --------- d-----w C:\Program Files\Microsoft Small Business
2008-03-03 16:49 --------- d-----w C:\Program Files\TightVNC
2008-03-03 16:11 --------- d-----w C:\Program Files\McAfee
2008-03-03 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-03 14:53 319,488 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2008-03-03 14:53 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-03 14:53 --------- d-----w C:\Program Files\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\Dkauffman\Application Data\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-03-03 14:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-06-14 00:51 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-03 20:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-03 20:03 2854912 --a------ C:\Program Files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 17:23 191552]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 17:16 454784]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-05 17:46 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-05 17:46 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-05 17:46 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 21:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-18 01:40 53248]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 13:50 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-04 19:04 860160]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-12-03 19:29 49168]
"NDSTray.exe"="NDSTray.exe" []
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-13 21:16 311296]
"ThpSrv"="C:\WINDOWS\system32\thpsrv /logon" [ ]
"TPSMain"="TPSMain.exe" [2005-06-01 00:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-09 21:07 159744]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2007-06-15 15:51 1773568]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-25 20:47 136816]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 20:47 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 20:44 970752]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2007-05-07 20:28 589824]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CFSServ.exe"="CFSServ.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CM106Sound"="CM106.cpl" []
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
"TOSUSBSvr"="C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe" [2007-03-21 12:38 258048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2007-04-01 06:47 299520]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 12:57 245760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

C:\Documents and Settings\Dkauffman\Start Menu\Programs\Startup\
TSync.lnk - C:\Program Files\TripleSync\TSync.exe [2008-03-17 10:47:46 483328]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
VPN Client.lnk - C:\WINDOWS\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-03-18 13:11:50 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2006-12-03 19:50 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2007-04-27 13:19]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2007-03-09 18:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 DisplayLinkService;DisplayLink Service;"C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe" [2007-07-06 00:45]
R2 pinger;pinger;C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 20:47]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 15:22]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 00:55]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 15:15]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-03 14:04]
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-11 00:42]
R3 CM1063264;C-Media CM106 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\CM106.sys [2007-02-02 18:29]
R3 DisplayLinkGA;DisplayLinkGA;C:\WINDOWS\system32\DRIVERS\DisplayLinkGAport.sys [2007-03-09 13:09]
R3 DisplayLinkmirror;DisplayLinkmirror;C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys [2007-03-09 13:16]
R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\WINDOWS\system32\DRIVERS\DisplayLinkUsbPort.sys [2007-06-06 11:02]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 19:21]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 17:27]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-12-03 19:21]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2007-02-22 18:10]
R3 tosrfec;Bluetooth ACPI;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 19:32]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
R3 UVCFTR;UVCFTR;C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS [2007-04-16 13:19]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 22:12]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 20:57:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 10:26:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 10:27:39
ComboFix-quarantined-files.txt 2008-05-01 14:27:35
ComboFix2.txt 2008-05-01 14:16:31

Pre-Run: 74,836,099,072 bytes free
Post-Run: 74,821,357,568 bytes free

291 --- E O F --- 2008-04-22 07:00:27
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok lets see what Kaspersky shows. Post a new HijackThis log with it as well
  • 0

#15
derek01f

derek01f

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Ok lets see what Kaspersky shows. Post a new HijackThis log with it as well

ok runnin kaspersky now...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP